Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
May 19, 2017
Since the Shadow Brokers released the zero-day software vulnerabilities and hacking tools – allegedly belonged to the NSA’s elite hacking team Equation Group – several hacking groups and individual hackers have started using them in their own way. The April’s data dump was believed to be the most damaging release by the Shadow Brokers till the ...
- Available Tools Making Dent in WannaCry Encryption
May 19, 2017
Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems. This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being lost forever. Adrien Guinet, of ...
- Shadow Brokers teases more Windows exploits and cyberespionage data
May 16, 2017
A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack tools in its possession and plans to release them in a new subscription-based service. The group also has intelligence gathered by the NSA on foreign banks and ballistic missile programs, it said. The Shadow Brokers was responsible for leaking ...
- Japan and China wake up to global ‘ransomware’ cyberattack while Microsoft slams US government
May 15, 2017
Japan and China have fallen victim of a global “ransomware” cyberattack that has created chaos in 150 countries as Microsoft pinned blame on the US government for not disclosing more software vulnerabilities. The initial attack, known as “WannaCry,” paralyzed more than 200,000 computers, including those which that run Britain’s hospital network, Germany’s national railway and other companies and government agencies ...
- Europol Warns WannaCry Spread to Go Up on Monday
May 14, 2017
Europol is spreading bad news today as it announced that a new wave of WannaCry ransomware infections, even worse than the first, is coming on Monday. The European law enforcement agency estimates that so far there are some 200,000 victims of WannaCry and the number keeps growing. Furthermore, the number of affected countries has grown from ...
- Europol News Article on Wannacry Ransomware: recent cyber-attack
May 13, 2017
The European Cybercrime Centre, EC3, at Europol is working closely with affected countries cybercrime units and key industry partners to mitigate the threat and assist victims. The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a ...