Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Airport services firm Swissport reports ransomware incident
February 4, 2022
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said the ransomware attack targeted its IT infrastructure. The group behind the attack was not named. Also: Prosecutors investigating cyberattacks affecting multiple Belgian and Dutch ports “The attack has been largely contained, and we are working actively to fully resolve the ...
- Oil terminals disrupted after European ports hit by cyberattack
February 3, 2022
Port facilities in Belgium, Germany, and the Netherlands have been targeted by a large-scale cyberattack, authorities say. Officials say the hack began several days ago and has primarily disrupted operations at oil terminals, preventing tankers from delivering energy supplies. German judicial authorities say they have launched an investigation into suspected “extortion” of oil operators, amid soaring energy ...
- Telco fined €9 million for hiding cyberattack impact from customers
February 1, 2022
The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...
- FBI: Scammers Exploit Security Weaknesses on Job Recruitment Websites to Impersonate Legitimate Businesses, Threatening Company Reputation and Defrauding Job Seekers
February 1, 2022
The FBI warns that malicious actors or ‘scammers’ continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money. These scammers lend credibility to their scheme by using legitimate information to imitate businesses, threatening reputational harm for the business and financial ...
- Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
February 1, 2022
A new and powerful malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets. Additionally, ...
- Shell forced to reroute supplies after cyberattack on two German oil companies
February 1, 2022
A cyberattack on two German oil suppliers has forced energy giant Shell to reroute oil supplies to other depots, according to Reuters and the Handelsblatt newspaper. Handelsblatt was the first to report on Monday that oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, had suffered a cyberattack that crippled ...