This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able …
Tag: IOT
AhnLab Security Emergency response Center (ASEC) has recently discovered an attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers. Not only did …
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
EclecticIQ researchers identified a malicious web server very likely operated by a Chinese threat actor used to target Taiwanese government entities, including critical infrastructure.
The command-and-control infrastructure was …
Affected Platforms: Linux
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical
FortiGuard Labs has encountered new samples of the RapperBot campaign active since January 2023. …
Ever since it first appeared in late 2021, the Raspberry Robin malware campaign has been propagating globally. A number of threat intelligence reports by vendors such as RedCanary …
Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal
Last week, the Zero Day Initiative (ZDI) threat-hunting team observed new exploit attempts coming from our telemetry system in Eastern Europe indicating that the Mirai botnet has updated its arsenal …
AhnLab Security Emergency response Center (ASEC) has recently discovered the ShellBot malware being installed on poorly managed Linux SSH servers. ShellBot, also known as PerlBot, is a DDoS Bot malware …
AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. As one of the Chinese threat groups that …
Earth Preta has actively been changing its tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the tools and malware used …
Cyber espionage threat actors continue to target technologies that do not support endpoint detection and response (EDR) solutions such as firewalls, IoT devices, hypervisors and VPN technologies (e.g. Fortinet, SonicWall, …
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule
Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to …
ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace …
On 16th Feb 2023, PSIRT released a security advisory for a critical vulnerability affecting multiple versions …
Content Warning
We are providing a content warning because the following contains usage of a racial slur by a threat actor, which …
A major method through which threat actors distribute malware is by uploading it to sites disguised as cracks or illegal software. After a threat actor uploads their malware disguised as …
Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These …
Since 2016, Mirai has been an active botnet that targets networking devices running Linux with vulnerabilities. The botnet takes advantage …
Executive Summary
Unit 42 researchers review tens of millions of attack records every month, and most months, attacks targeting a single vulnerability …
NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai.
Botnet malware operations are …
After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. As a result of Google’s efforts, the blockchain-enabled botnet could …
Threat actors are increasingly leveraging blockchain technology to launch cyberattacks. By taking advantage of the distributed and decentralized nature of blockchain, malicious actors can exploit its anonymity for a variety …
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-1028 is now tracked as Storm-1028.
To learn …
NOTE: The term “Zerobot” in this article refers to a specific malware variant. It is not in any way associated with zerobot.ai, an organization that offers a verbal chatbot service.…
The number of malware samples found in Internet of Things (IoT) devices has increased over the past few years due to two factors: IoT default credentials are not being changed, …
There’s a common saying in cyber security, “you can’t protect what you don’t know,” and this applies perfectly to the attack surface of any given organization.
Many organizations have hidden …
December 8, 2022 update – Reflected additional research on Boa-related CVEs and updated supply chain diagram.
Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack …
After FortiGuard Labs reported on RapperBot in our previous article titled So RapperBot, What Ya Bruting For? in August 2022, there was a significant drop in the number of samples …
Summary
Actions to take today to mitigate cyber threats from ransomware:
Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as…
In April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload …
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.
We observed the active exploitation of CVE-2022-26134, …
Executive Summary
In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes …
FortiGuard Labs has been tracking a rapidly evolving IoT malware family known as “RapperBot” since mid-June 2022. This family borrows heavily from the original Mirai source code, but what separates …
By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec.
Executive Summary
Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to…
Summary
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information …
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.
By Stephen Hilt, …
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
We observed malicious activities in a …
In mid-March, FortiGuard Labs observed a new DDoS botnet calling itself “Enemybot” and attributing itself to Keksec, a threat group that specializes in cryptomining and DDoS attacks.
This botnet is …
Between February and March 2022, our FortiGuard Labs team observed that the Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits. Five new exploits were added …
By Juan Andres Guerrero-Saade (@juanandres_gs) and Max van Amerongen (@maxpl0it)
Executive Summary
On Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable in Ukraine. Spillover from this…
This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in a while. This research reveals …
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers …
By Securonix Threat Labs, Threat Research: Oleg Kolesnikov, Den Iuzvyk, and Tim Peck
Introduction
Our researchers have identified EnemyBot, a brand new Linux-based botnet. At first glance and by analyzing the …
Cases of malicious e-mails to Russian companies have become more frequent. Attackers write on behalf of Banks, large air operators, car dealers and mass media. They offer cooperation to companies …