Stargazers Ghost Network


Check Point Research recently observed threat actors using new methods to achieve initial infections through GitHub.

Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. The tactics have since evolved: threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links in their repositories and encrypted archives published as releases. Beyond distributing malware, the network also carries out various other activities that make these “Ghost” accounts appear to be normal users.

Source: Check Point

