Summary:
Winos4.0 is a sophisticated malware framework that compromises Microsoft Windows systems, particularly targeting the education sector through malicious game-related applications. It utilizes a multi-stage attack process to gain control…
Tag: BOTNET
Summary:
In October 2024, the Cleafy Threat Intelligence team uncovered a new Android banking Trojan campaign named ToxicPanda, initially linked to the TgToxic family. This malware targets banking institutions in…
Summary: Operational Relay Box (ORB) networks are increasingly utilized by threat actors, particularly those linked to the People’s Republic of China, to enhance anonymity and evade detection during cyber attacks. …
Summary: Microsoft has issued a warning regarding Chinese threat actors utilizing the Quad7 botnet, composed of compromised SOHO routers, to conduct password-spray attacks aimed at stealing credentials. The botnet, also …
Summary: Sophos has conducted extensive operations over the past five years to counteract sophisticated cyber espionage campaigns from Chinese nation-state adversaries targeting critical infrastructure and perimeter devices. The report highlights …
Short Summary:
Operational Relay Box (ORB) networks are increasingly used by threat actors, particularly those linked to the People’s Republic of China (PRC). These networks combine elements of botnets and …
Summary: The Dutch National Police, in collaboration with international law enforcement, seized the infrastructure of the Redline and Meta infostealer malware operations during “Operation Magnus,” warning cybercriminals that their data …
Summary: The Prometei botnet, active since at least 2016, continues to spread globally, targeting systems with outdated vulnerabilities to facilitate cryptojacking and deploy web shells. It exploits weak configurations and …
Short Summary:
In Q3 2024, APT groups from China, North Korea, Iran, and Russia intensified their cyber operations, employing sophisticated techniques and targeting critical infrastructure. Chinese APTs focused on network …
Short Summary:
The article provides a comprehensive analysis of the DarkComet Remote Access Trojan (RAT), detailing its capabilities, methods of infection, and the technical mechanisms it employs to evade detection …
Short Summary:
TA866, also known as Asylum Ambuscade, is a threat actor active since at least 2020, known for conducting intrusion operations using both commodity and custom tools. Their tactics …
Short Summary:
The article provides a comprehensive analysis of the DarkComet Remote Access Trojan (RAT), detailing its functionalities, infection methods, and persistence mechanisms. DarkComet allows attackers to remotely control infected …
The Monthly Intelligence Insights report by Securonix Threat Labs for July highlights significant cyber threats, including the activities of the Lazarus Group and Water Bakunawa, along with various …
Summary: Russian threat actors have launched a series of DDoS attacks against various Japanese websites in response to upcoming military exercises between Japan and the U.S. The attacks targeted political …
Short Summary:
Evil Corp, a notorious pro-Russian hacktivist group led by Maksim Yakubets, has been involved in large-scale financial cyberattacks since 2007. Known for its sophisticated ransomware and banking fraud …
Summary: The “ErrorFather” campaign has been identified as a sophisticated operation utilizing an undetected variant of the Cerberus Android Banking Trojan, employing a multi-stage infection chain to evade detection. This …
Summary: Researchers have identified a critical unpatched vulnerability (CVE-2024-9441) in the Nice Linear eMerge E3 access controller systems, allowing remote attackers to execute arbitrary OS commands. The flaw has a …
The “ErrorFather” campaign, identified by Cyble Research and Intelligence Labs, utilizes an undetected Cerberus Android Banking Trojan payload. This sophisticated malware employs a multi-stage infection chain, including session-based …
FortiGuard Labs reported on a critical security incident involving the Ivanti Cloud Services Appliance (CSA), where an advanced adversary exploited multiple vulnerabilities, including CVE-2024-8190, to gain unauthorized access …
Summary: Cyble’s Vulnerability Intelligence unit has reported a surge in cyberattacks targeting various IT products, highlighting the exploitation of both new and existing vulnerabilities. The report emphasizes the need for …
Since mid-2023, the Sekoia Threat Detection & Research team has been investigating a sophisticated cyber attack infrastructure that utilizes compromised edge devices as Operational Relay Boxes (ORBs). This …
Threat Actor: UserSec | Victim: Global Cybersecurity Defenses | Price: Not disclosed | Exfiltrated Data Type: N/A
Key Points:
UserSec has launched a new DDoS attack…
Short Summary:
Key Group, also known as keygroup777, is a financially motivated ransomware group that primarily targets Russian users. They utilize various ransomware builders, including Chaos and Annabelle, and communicate …
Summary: A researcher has identified a critical decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, potentially allowing attackers to gain complete control over these devices. The flaw is currently …
The Gorilla Botnet, a new botnet family, emerged in September 2024, launching over 300,000 DDoS attack commands across 113 countries, with China and the U.S. being the most …
Summary: Recent cyber espionage campaigns linked to China have targeted U.S. internet service providers, with the Salt Typhoon operation focusing on intelligence gathering and potential disruptions. Investigations are ongoing to …
Threat Actor: SiegedSec | Victim: Telecom Company | Price: Unknown | Exfiltrated Data Type: Sensitive Data
Key Points:
A key member of SiegedSec, known by the alias…
Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
[Law] Law enforcement op disrupts a massive botnet that infected over 200K network devices worldwide
Summary: The FBI has successfully taken control of a botnet operated by the Chinese state-backed hacking group Flax Typhoon, which targeted critical infrastructure in the US and abroad. This botnet, …
Summary: German law enforcement has seized 47 cryptocurrency exchange services that facilitated illegal money laundering for cybercriminals, including ransomware gangs, by allowing anonymous transactions. The operation, dubbed “Operation Final Exchange,” …
Summary: Researchers from Lumen’s Black Lotus Labs have identified a new botnet named Raptor Train, primarily composed of compromised SOHO and IoT devices, believed to be controlled by the China-linked …
In mid-2023, Black Lotus Labs uncovered a significant botnet named “Raptor Train,” believed to be operated by the Chinese threat actors known as Flax Typhoon. This botnet has …
Threat Actor: Unknown | Victim: US Cosmetics Company | Price: $12,000 | Exfiltrated Data Type: PowerShell commands, Chrome browser log (2 passwords)
Key Points:
A threat…
Summary: A report from Imperva reveals that over 25,000 malicious requests have targeted Apache OFBiz due to the newly disclosed CVE-2024-45195 vulnerability, primarily affecting the financial services and business sectors. …
Summary: The Quad7 botnet is evolving its operations by targeting additional SOHO devices with custom malware, including Zyxel VPN appliances and Ruckus wireless routers, while employing new tactics for stealthier …
Summary: Recent research indicates a dramatic increase in Distributed Denial of Service (DDoS) attacks, with incidents doubling year-on-year, particularly affecting the government sector amid ongoing elections. The rise in attack …
On September 7, 2024, Cyble Global Sensor Intelligence (CGSI) reported active exploitation of CVE-2024-32113, a critical path traversal vulnerability in Apache OFBiz. This vulnerability allows attackers to execute …
The Sekoia TDR team has uncovered new developments related to the Quad7 botnet operators, who are compromising various SOHO routers and VPN appliances. The operators are evolving their …
Summary: A critical vulnerability in the GeoServer platform is being exploited by cybercriminals to launch global hacking campaigns, affecting various sectors including technology, government, and telecommunications. The vulnerability allows for …
Summary: Hackers are now targeting fellow cybercriminals with a deceptive OnlyFans tool that claims to assist in account theft but instead infects them with the Lumma stealer malware. This incident …
The oil and gas extraction industry is increasingly vulnerable to cyberattacks due to its reliance on digital technologies and geopolitical tensions. A significant percentage of energy professionals are …