In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies.
PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal was espionage and gaining a foothold to follow through on further attacks. They dubbed the group TaxOff because of their legal and finance-related phishing emails leading to a backdoor written in at least C++17, which the researchers named Trinper after the artefact used to communicate with C2. Initial infection vector TaxOff uses phishing emails.
Read more…
Source: Positive Technologies Expert Security Center
Related:
- Scammers target Italian tycoons using defense minister’s AI-generated voice
February 10, 2025
Scammers target Italian tycoons using defense minister’s AI-generated voice on OpenAI Voice Engine Scammers used AI-generated voice of Italian Defense Minister Guido Crosetto in an atempts to steal millions of dollars from Italian business tycoons, according to reports. Crosetto said last Thursday on X that someone was using his name and his artificially generated voice to ...
- Thai-Swiss-US Operation Nets Hackers Behind 1,000+ Cyber Attacks
February 10, 2025
Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations. Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket ...
- 20 million OpenAI accounts offered for sale
February 7, 2025
A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay ...
- Engineer IMI becomes latest British firm to be hit by cyber attack
February 6, 2025
Engineering group IMI confirmed it had been hit by a cyber attack just a week after rival Smiths Group said hackers had gained access to its global systems. Birmingham-headquartered IMI declined to disclose what data had been accessed in the attack, but systems in a number of its locations globally are understood to have been hit. IMI ...
- Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
February 5, 2025
Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, ...
- Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
February 4, 2025
ELF/Sshdinjector.A!tr is a collection of malware that can be injected into the SSH daemon. Samples of this malware collection surfaced around mid-November 2024. While Fortinet researchers have a good amount of threat intelligence on them (e.g., they are attributed to the DaggerFly espionage group and were used during the Lunar Peek campaign against network appliances), nobody ...