Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage
November 2, 2023
Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company is “working to resolve the issue.” The Texas-based company said in a statement on its website that on October 31, Mr. Cooper “became the target of a cyber security incident and took ...
- Boeing confirms ‘cyber incident’ after ransomware gang claims data theft
November 2, 2023
Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” days after the company was listed on the leak site of the LockBit ransomware gang. In a statement given to TechCrunch, Boeing spokesperson Jim Prolux confirmed that attackers had targeted “elements of our parts and safety business.” The spokesperson added: “This issue does ...
- New Zealand: Money-motivated cyber attacks outnumber those carried out by nation-states
November 2, 2023
Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time, and AI looms as an ever-greater weapon, a new report says. In its latest annual threat report, the National Cyber Security Centre said the potential impact was growing – though the number of major attacks dropped slightly, to ...
- Do government sanctions against ransomware groups work?
November 2, 2023
Earlier this year, the U.S. government imposed sanctions against Russian national Mikhail Matveev, an FBI most-wanted cybercriminal, who authorities accuse of being a “prolific ransomware affiliate” involved in cyberattacks in the United States and overseas. Authorities say Matveev played a major role in the development and deployment of the Hive, LockBit and Babuk ransomware variants, ...
- Forty Countries Agree Not to Pay Cybercrime Ransoms
November 1, 2023
Dozens of US allies have signed an agreement never to pay digital extortionists, in a sign of the growing impact ransomware is having on their national security and economies. The pledge was made at the second annual meeting of the International Counter Ransomware Initiative and reported by attendant media, although there is no official word yet ...
- Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604
November 1, 2023
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to ...