In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies.
PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal was espionage and gaining a foothold to follow through on further attacks. They dubbed the group TaxOff because of their legal and finance-related phishing emails leading to a backdoor written in at least C++17, which the researchers named Trinper after the artefact used to communicate with C2. Initial infection vector TaxOff uses phishing emails.
Read more…
Source: Positive Technologies Expert Security Center
Related:
- Patch Tuesday – March 2025
March 11, 2025
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware of public disclosure for one other vulnerability. This is ...
- Elon Musk’s X hit by waves of outages in what he claims is ‘a massive cyberattack’
March 10, 2025
Elon Musk’s X has been hit by three waves of outages since this morning, which the billionaire claims was due to a cyberattack. According to outage tracking site DownDetector, the problems began around 6 am ET when up to 20,538 users reported problems. The issues temporarily died down before nearly 40,000 users reported outages at 10 ...
- Allstate sued for not reporting data breach of 165,000 New Yorkers
March 10, 2025
New York state sued Allstate on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and not developing reasonable safeguards to protect policyholders’ private information. The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan, and seeks civil fines. ...
- Fake CAPTCHA websites hijack your clipboard to install information stealers
March 10, 2025
There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attacks were more targeted at people that ...
- Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations
March 10, 2025
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals. The Tokyo-based NTT Com, which provides phone and network tech to enterprises, said it discovered the data breach on February 5 after determining that the hackers had ...
- New botnet unleashes record-breaking DDoS attacks
March 7, 2025
A new botnet dubbed “Eleven11bot” has emerged, delivering what security researchers believe are the largest distributed denial-of-service (DDoS) attacks ever recorded. The botnet, primarily composed of compromised webcams and video recorders, has triggered widespread service disruptions and ignited a debate within the cybersecurity community about its true size. Nokia’s Deepfield Emergency Response Team first detected the ...