Stargazers Ghost Network


Check Point Research recently observed threat actors using new methods to achieve initial infection through GitHub.

Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. These tactics have since evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links in their repositories and encrypted archives published as releases. Beyond distributing malware, the network also carries out various other activities that make these “Ghost” accounts appear to be normal users.

Source: Check Point

