Tag: BACKDOOR

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Summary: Ransomware actors are increasingly targeting VMware ESXi bare metal hypervisors, exploiting SSH tunneling to maintain persistence and evade detection. These attacks can cripple organizations by encrypting files and rendering virtual machines inaccessible. Monitoring challenges related to ESXi logs further complicate detection and response efforts for system administrators.…
Read More
Malicious Software and Its Types
This article explores various types of malware, detailing their characteristics, examples, and consequences in the cybersecurity landscape. It covers viruses, worms, trojans, spyware, rootkits, ransomware, and cryptojacking, highlighting both historical examples and mitigation strategies. Affected: malware, computer systems, data security

Keypoints :

Malware is software developed to harm computer systems, steal data, or gain unauthorized access.…
Read More
Government and university websites targeted in ScriptAPI[.]dev client-side attack – c/side
A recent client-side JavaScript attack has been discovered, affecting over 500 websites, including government and university domains. The attack involves the injection of scripts that create hidden links to external sites, primarily for black hat SEO purposes. The malicious scripts are hosted on scriptapi[.]dev. Affected: government websites, university websites

Keypoints :

Over 500 websites targeted, including government and university domains.…
Read More
Black ‘Magic’ Targets Enterprise Juniper Routers With Backdoor
Summary: A recent campaign named “J-magic” targets Juniper routers using a dormant backdoor malware called “cd00r,” which activates upon receiving specific packets. This malware exploits vulnerabilities in enterprise routers, particularly those configured as VPN gateways or with exposed NETCONF ports, allowing attackers to gain control and access sensitive data.…
Read More
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Read More
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Summary: Cybersecurity researchers have uncovered a new BackConnect (BC) malware linked to the QakBot loader, which enhances the threat actors’ capabilities for persistence and exploitation. The malware utilizes modules like DarkVNC and IcedID to maintain remote access and gather system information. This development highlights the interconnected nature of cybercriminal groups, particularly between QakBot and the Black Basta ransomware operations.…
Read More
Fileless Malware Nedir? S1Ep2 Cobalt Kitty Operasyonu
This article examines “Operation Cobalt Kitty,” a sophisticated cyberattack targeting financial companies in Asia. The attackers primarily employed fileless malware, spear-phishing, and DNS tunneling techniques to gain access to sensitive systems and maintain persistence. The operation exemplifies the potential damage posed by fileless malware and highlights the lack of detection by existing security measures.…
Read More
Advanced Threat Detection: Exploitation Tactics from a CIRT Technical Interview
This article examines two scenarios wherein attackers exploit misconfigured Redis servers and utilize cloud storage resources to execute malicious scripts and gain unauthorized access. The sophisticated techniques employed emphasize the necessity for proactive defensive measures. Affected: Redis servers, macOS systems

Keypoints :

Attackers exploit misconfigurations in Redis services to execute remote commands.…
Read More
Beyond Flesh and Code: Building an LLM-Based Attack Lifecycle With a Self-Guided Malware Agent
This article discusses the integration of older automation tools with large language models (LLMs) to enhance malware development and delivery methods, including the use of tools like Mantis and Stopwatch.ai for reconnaissance and obfuscation. It highlights the potential of LLMs in creating convincing phishing attacks and guiding malware operations, ultimately leading to a more sophisticated attack lifecycle.…
Read More
FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
Read More
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Read More
Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Summary: A newly identified Chinese threat group, PlushDaemon, has executed a supply chain attack against South Korean VPN developer IPany, deploying a custom backdoor for cyber-espionage. This attack marks a shift in the group’s tactics, which typically involve hijacking legitimate updates of applications. The group has been active since at least 2019, targeting various regions including South Korea and the US.…
Read More
China-linked hacker group targets victims in East Asia with malicious VPN installers
Summary: A new Chinese state-sponsored hacker group, PlushDaemon, has been targeting users in East Asia through an espionage campaign involving a compromised VPN installer from South Korean firm IPany. The attackers deployed custom malware capable of extensive data collection and spying on victims. Although discovered recently, PlushDaemon has been active since at least 2019, focusing on espionage against various entities across multiple countries.…
Read More
Hidden Threats of Game Assistants | Analysis Report on the “Catlavan” Backdoor Spread in Gaming Forums
As the user base for online gaming grows, so does the gray market for cheats and auxiliary software, which has also led to the spread of malware. A breakthrough in malicious file detection technology by BinaryAI identifies a recent attack targeting users in Russian-based gaming environments, linked to a backdoor named “Catlavan.”…
Read More
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, utilizing a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit designed for espionage and data collection, indicating the group’s significant operational capabilities since at least 2019.…
Read More