GOVERNMENT – Page 168 – Cybersecurity News Everyday

To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions

May 20, 2022 Securonix

UNC2165 Overlaps with Evil Corp Activity

OFAC sanctions against Evil Corp in December 2019 were announced in conjunction with the Department of Justice’s (DOJ) unsealing of indictments against individuals for their roles in the Bugat malware operation, updated versions of which were later called DRIDEX. DRIDEX was believed to operate under an affiliate model with multiple actors involved in the distribution of the malware.…

Threat Research

Browser-in-the Browser sextortion scam makes victims pay by imitating Indian Gov

May 18, 2022 Securonix

Phishing has been a prominent cyber threat for decades, stealing the spotlight as the most prevalent attack vector for years, but the latest breed of attacks is more sophisticated and complicated to protect against than ever before. Attackers are always looking for new techniques to bypass security measures and remain undetected by victims.…

Threat Research

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

May 17, 2022 Securonix

Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.

We observed vulnerability CVE-2022-29464 being exploited in the wild since April, allowing unrestricted file uploads resulting to arbitrary remote code execution (RCE). Disclosed and patched in April, the security gap was ranked Critical at 9.8 and affects a number of WSO2 products.…

Threat Research

TURLA’s new phishing-based reconnaissance campaign in Eastern Europe

May 16, 2022 Securonix

Table of contents

This blog post on TURLA was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 11, 2022.

Executive Summary

SEKOIA.IO Threat & Detection Research (TDR) Team have expanded the search on Russian-linked TURLA’s infrastructures from a Google’s TAG blog post.…

Threat Research

Unknown APT group has targeted Russia repeatedly since Ukraine invasion

May 13, 2022 Securonix

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022.

The campaigns, discovered by the Malwarebytes Threat Intelligence team, are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely.…

Threat Research

Yashma Ransomware, Tracing the Chaos Family Tree

May 12, 2022 Securonix

Update 05.27.22: An unknown APT group is targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Ukraine conflict. Source: Security Affairs.

It’s not often that we get to observe the behind-the-scenes drama that can accompany the creation of new malware, but when we do, it gives us a fascinating glimpse into how threat actors operate.…

Threat Research

Twisted Panda: Chinese APT espionage operation against Russian state-owned defense institutes – Check Point Research

May 11, 2022 Securonix

In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that are exploiting the sanctions imposed on Russia by western countries.…

Threat Research

ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

April 18, 2022 Securonix

ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new insight into the connections and cooperation between prominent cybercriminal groups whose attacks often lead to ransomware.…

Threat Research

COBALT MIRAGE conducts ransomware operations in U.S.

April 11, 2022 Securonix

Secureworks® Counter Threat Unit™ (CTU) researchers are investigating attacks by the Iranian COBALT MIRAGE threat group, which has been operating since at least June 2020. COBALT MIRAGE is linked to the Iranian COBALT ILLUSION threat group, which predominantly uses persistent phishing campaigns to obtain initial access.…

Threat Research

APT34 targets Jordan Government using new Saitama backdoor

April 8, 2022 Securonix

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34.…

Threat Research

Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques | Proofpoint US

April 8, 2022 Securonix

Key Findings Proofpoint has analyzed a novel malware variant which utilizes significant anti-analysis and anti-reversing capabilities. The malware, written in the Go programming language, uses multiple open-source Go libraries for conducting malicious activities. The malware, called Nerbian remote access trojan (RAT) leverages COVID-19 and World Health Organization themes to spread.…

Threat Research

Bitter APT adds Bangladesh to their targets

April 7, 2022 Securonix

Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers’ usual victims. As part of this, there’s a new trojan based on Apost Talos is calling “ZxxZ,” that, among other features, includes remote file execution capability.…

Threat Research

Ursnif Malware Banks on News Events for Phishing Attacks | Qualys Security Blog

April 7, 2022 Securonix

Table of Contents

Ursnif (aka Gozi, Dreambot, ISFB) is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware.…

Threat Research

Lazarus Targets Chemical Sector

April 7, 2022 Securonix

Broadcom Software, has observed the North Korea-linked advanced persistent threat (APT) group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020.…

Threat Research

Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

March 28, 2022 Securonix

Over the last several years, the Cybereason Nocturnus Team has been tracking different APT groups operating in the Middle East region, including two main sub-groups of the Hamas cyberwarfare division: Molerats and APT-C-23. Both groups are Arabic-speaking and politically-motivated that operate on behalf of Hamas, the Palestinian Islamic-fundamentalist movement and a terrorist organization that has controlled the Gaza strip since 2006.…

Threat Research

Parrot TDS takes over web servers and threatens millions – Avast Threat Labs

March 25, 2022 Securonix

A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the world. The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites.…

Threat Research

Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity

March 24, 2022 Securonix

Broadcom, have found.

Activity on infected networks

In several cases, the initial activity on victim networks is seen on Microsoft Exchange Servers, suggesting the possibility that a known, unpatched vulnerability in Microsoft Exchange may have been used to gain access to victim networks in some cases.…

Threat Research

CaddyWiper Analysis: New Malware Attacking Ukraine

March 24, 2022 Securonix

As Russia’s invasion of Ukraine continues, new wiper malware has surfaced attacking Ukrainian infrastructure. Caddywiper was first detected on March 14, 2022. It destroys user data, partitions information from attached drives, and has been spotted on several dozen systems in a limited number of organizations. CaddyWiper has been deployed via GPO, suggesting the attackers had initially compromised the target’s Active Directory server.…

Threat Research

AcidRain | A Modem Wiper Rains Down on Europe

March 22, 2022 Securonix

By Juan Andres Guerrero-Saade (@juanandres_gs) and Max van Amerongen (@maxpl0it)

Executive Summary On Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable in Ukraine. Spillover from this attack rendered 5,800 Enercon wind turbines in Germany unable to communicate for remote monitoring or control.…

Threat Research

State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage – Check Point Research

March 22, 2022 Securonix

Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month while the Russian invasion of Ukraine was unfolding, Check Point Research (CPR) has observed advanced persistent threat (APT) groups around the world launching new campaigns, or quickly adapting ongoing ones to target victims with spear-phishing emails using the war as a lure.…

Tag: GOVERNMENT