TaxOff: um, you’ve got a backdoor…

In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies. PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal Read More …

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model Read More …

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

Recently, Trend Micro has been tracking Earth Simnavaz (also known as APT34 and OilRig), a cyber espionage group. This group primarily targets organizations in the energy sector, particularly those involved in oil and gas, as well as other infrastructure. It Read More …

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

In August 2024, the Kaspersky team identified a new crimeware bundle, which we named “SteelFox”. Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forum posts, torrent trackers and blogs, imitating popular software Read More …

Venture Wolf attempts to disrupt Russian businesses with MetaStealer

BI.ZONE Threat Intelligence has discovered a previously unknown cluster whose activity can be traced back to November 2023. Dubbed Venture Wolf, the cluster employs multiple loaders to deliver MetaStealer to the target systems. The threat actor focuses on a range Read More …

Stealc Malware Checks Everything – Even the Screen Resolution

This week, the SonicWall Capture Labs threat research team reviewed a sample of Stealc malware. This is an infostealer that digs through a victim’s system to extract credentials from browsers, cryptocurrency wallets and fileshare servers. Processes are monitored, as well Read More …

Stealer here, stealer there, stealers everywhere!

Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. Read More …

Cyber Security Association of China calls for cybersecurity review of Intel products sold in China

The Cyber Security Association of China on Wednesday called for the launch of a systematic review of potential cybersecurity risks in Intel products due to frequent vulnerabilities and high failure rates, in order to effectively safeguard China’s national security and Read More …

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard-coded AWS credentials, this is specific to this single threat Read More …
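The excerpt above notes that the samples carried hard-coded AWS credentials. The quickest triage a practitioner can do on such a sample is to carve candidate access key IDs (and any secret key sitting next to them) out of the binary before spending time in a debugger. The scanner below is an added example written for this page, not code from the original article; it assumes the standard AWS key ID shape (AKIA/ASIA prefix plus 16 characters) and 40-character secret keys, and the sample blob it scans is constructed here using the key pair from AWS's own documentation, not data recovered from the ransomware.

```python
"""Carve hard-coded AWS credentials out of a binary blob (added example)."""
import re
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

# AWS access key IDs: AKIA (long-term) or ASIA (temporary STS) prefix + 16 chars.
# The look-arounds keep a longer alphanumeric run (a hash, a GUID) from matching.
AWS_KEY_ID_RE = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 chars from the base64 alphabet. On its own that pattern
# is far too noisy in a binary, so a run is only reported when it sits within
# WINDOW bytes of a key ID (assumption: developers keep the pair together).
AWS_SECRET_RE = re.compile(rb"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
WINDOW = 256


@dataclass
class Finding:
    view: str              # "ascii" or "utf16le": which view of the blob matched
    offset: int            # offset of the key ID within that view
    key_id: str
    secret: Optional[str]  # nearby 40-char candidate, if one was found


def _views(blob: bytes) -> Iterator[Tuple[str, bytes]]:
    """Yield the raw bytes, then UTF-16LE wide strings narrowed to ASCII, since
    Windows binaries frequently store their strings wide."""
    yield "ascii", blob
    for start in (0, 1):  # try both alignments of the 2-byte code units
        wide = blob[start:].decode("utf-16-le", errors="ignore")
        yield "utf16le", wide.encode("ascii", errors="ignore")


def scan_blob(blob: bytes) -> list:
    """Return one Finding per distinct access key ID found in any view."""
    findings = []
    seen = set()
    for name, data in _views(blob):
        for m in AWS_KEY_ID_RE.finditer(data):
            key_id = m.group(0).decode()
            if key_id in seen:
                continue
            seen.add(key_id)
            lo, hi = max(0, m.start() - WINDOW), min(len(data), m.end() + WINDOW)
            secret = None
            for s in AWS_SECRET_RE.finditer(data, lo, hi):
                # A 40-char run must not overlap the key ID itself.
                if s.end() <= m.start() or s.start() >= m.end():
                    secret = s.group(0).decode()
                    break
            findings.append(Finding(name, m.start(), key_id, secret))
    return findings


def redact(key_id: str) -> str:
    """Render a key ID for a report: keep the prefix and last four characters."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def demo() -> list:
    """Constructed sample blob: padding, a bucket name, then the AWS documentation
    example key pair stored as NUL-terminated ASCII strings. Not real malware data."""
    sample = (
        b"\x00" * 64
        + b"bucket=exfil-bucket\x00"
        + b"AKIAIOSFODNN7EXAMPLE\x00"
        + b"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\x00"
        + b"region=us-east-1\x00"
    )
    return scan_blob(sample)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.view}@{f.offset:#x}: {redact(f.key_id)} secret={'yes' if f.secret else 'no'}")
```

Two caveats for real use: packed or string-encrypted samples will show nothing until you dump process memory or unpack them, and any key pair you do carve should be reported to AWS (and the hosting provider) so the bucket can be taken down, not tested by calling the API with it yourself.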

4 more nations sign on to US-led counter-spyware agreement

Austria, Estonia, Lithuania and the Netherlands on Sunday joined a U.S.-led pact designed to deter global spyware abuses, marking 21 nations signing onto the agreement after the alliance began with 11 participants in March of last year. The add-ins were Read More …