BI.ZONE Threat Intelligence has discovered a previously unknown cluster whose activity can be traced back to November 2023. Dubbed Venture Wolf, the cluster employs multiple loaders to deliver MetaStealer to the target systems. The threat actor focuses on a range of industries, including manufacturing, construction, IT, and telecommunications.
Stealers maintain their position among the most popular types of malware employed by threat actors. As there are no “developer” restrictions on the use of certain malware programs against Russian companies, such programs gain higher recognition among various clusters of malicious activity. The authentication material obtained in the course of MetaStealer‑based campaigns can be used later to undertake more complex targeted attacks against the compromised organizations.
Read more…
Source: BI.ZONE Threat Intelligence
Related:
- New Mirai Variant Found Spreading like Wildfire
November 23, 2017
A security researcher reportedly discovered a new variant of Mirai (identified by Trend Micro as ELF_MIRAI family) that is quickly spreading. A notable increase in traffic on port 2323 and 23 was observed over the weekend, with around 100 thousand unique scanner IPs coming from Argentina. The release of the Proof-of-Concept (PoC) exploit code in a public vulnerabilities database was ...
- HP patches severe code execution bug in enterprise printers
November 23, 2017
HP has issued firmware patches to fix a security flaw which allowed attackers to perform remote code execution attacks on enterprise-grade printers. FoxGlove Security researchers issued an advisory disclosing the technical details of the bug, CVE-2017-2750, earlier this week. The team tested out HP’s PageWide Enterprise Color MFP 586 and the HP Color LaserJet Enterprise M553 models, and found they ...
- Google security report finds phishing to be biggest threat
November 14, 2017
In an effort to better understand how users accounts get ‘hijacked,’ Google collaborated with the University of California at Berkeley to investigate how the black markets responsible for obtaining and selling user credentials operate. The study took place from March 2016 to March 2017 and the research focused primarily on tracking several large black markets trading ...
- The nasty future of ransomware: Four ways the nightmare is about to get even worse
October 31, 2017
2017 has been the year of ransomware. While the file-encrypting malware has existed in one form or another for almost three decades, over the last few months it’s developed from a cybersecurity concern to a public menace. The term even made it into the dictionary in September. In particular, 2017 had its own summer of ransomware: while incidents ...
- Hackers Take Aim at SSH Keys in New Attacks
October 19, 2017
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SSH keys to be used to compromise websites. “What ...
- US-CERT study predicts machine learning, transport systems to become security risks
October 19, 2017
The Carnegie-Mellon University’s Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. That advice comes in the institute’s third Emerging Technology Domains Risk Survey, a project it has handled for the US Department of Homeland Security’s US-CERT since 2015. The surveys are cumulative, meaning any ...