Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Thailand feels the force of cyber-attacks
August 1, 2023
The average number of cyber-attacks on organisations in Thailand was almost double the average rate globally and slightly higher than the average within Southeast Asia over the past six months, according to Check Point Research. Thai organisations were attacked 2,388 times per week on average during the last six months, compared with 2,375 attacks per week ...
- Google AMP – The Newest of Evasive Phishing Tactic
August 1, 2023
A new phishing tactic utilizing Google Accelerated Mobile Pages (AMP) has hit the threat landscape and proven to be very successful at reaching intended targets. Google AMP is an open-source HTML framework used to build websites that are optimized for both browser and mobile use. The websites that Cofense researches observed in these campaigns are hosted ...
- Capita boss quits as fine looms for huge hack of confidential data
July 31, 2023
The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator. Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon ...
- Out of the Sandbox: WikiLoader Digs Sophisticated Evasion
July 31, 2023
Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...
- Malawi: Macra Warns Public to Be On High Alert Against Heightened Cyber Attacks in Comesa Region
July 30, 2023
Malawi Computer Response Team (mwCERT) of the Malawi Communications Regulatory Authority (MACRA) announces of recent cyber-attacks that have targeted several countries in the COMESA region, resulting in severe disruptions to critical information infrastructure, across various sectors. In a statement, MACRA Director General, Daud Suleman says “these online attacks have the potential to affect anyone due to ...
- Kenya reports cyber attacks causing government system outages
July 28, 2023
Cyber attackers targeted a digital platform used by Kenya’s government to deliver services, the country’s technology minister said, highlighting the vulnerabilities of the system. The attack on the e-Citizen platform in recent days caused system outages that left users unable to access a broad range of government services, ranging from passport applications to electricity payments. Some ...