In November 2022, OpenAI launched ChatGPT, which quickly became one of the most rapidly growing AI tools, attracting over 100 million users. The release of ChatGPT generated a lot of buzz because of its impressive capabilities.…
One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence.
Criminals are also very aware that anyone and in particular security researchers may want to interfere with their operations.…
Threat Actors (TAs) are constantly devising new methods to infect users for various reasons, such as avoiding detection from anti-virus solutions, increasing the chances of successfully infecting their targets, and inventive ways to compromise their victims.…
In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea.…
DarkCloud is an Information Stealer Malware. It was first spotted by researchers in 2022. Such malware is designed to collect sensitive information from a victim’s computer or mobile device. Information stealers can be used to gather a variety of data, including passwords, credit card numbers, social security numbers, and other personal or financial information.…
Donation scams are fraudulent schemes where individuals or organizations falsely claim to be collecting money for a charitable cause, such as a natural disaster or a medical emergency, a recent example being the Kahramanmaras earthquake in Turkey and Syria. The scammers may ask for donations through email, social media, telephone calls, or door-to-door solicitations.…
The ASEC analysis team has recently discovered the distribution of Quasar RAT through the private Home Trading System (HTS). No information could be found when looking up the HTS called HPlus that was used in the attack. Furthermore, the company’s name could not be found in even the clause of the installation process, so it is assumed that the victims did not install their HTS from an institutional financial company, but instead, they got HPlus HTS through an unsanctioned source or a disguised financial investment company.…
On February 3rd, CERT-FR warned users about a ransomware attack targeting VMware ESXi servers to deploy ESXi Args Ransomware. The report also stated that the Threat Actors (TAs) leveraging a two-year-old vulnerability tracked as CVE-2021-21974. According to VMware, ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG contain a heap overflow vulnerability in OpenSLP.…
Since 2016, Mirai has been an active botnet that targets networking devices running Linux with vulnerabilities. The botnet takes advantage of these vulnerabilities in devices such as routers, IP cameras, and IoT devices to exploit them and gain complete control over the machine.…
Threat Actors (TAs) are using spam emails to trick individuals into downloading malware, such as Remote Access Trojans (RATs) and Stealers, to infect their devices and steal sensitive information. Cyble Research & Intelligence Labs (CRIL) closely monitors different malware families and routinely publishes informative blogs to educate our readers.…
Threat Actors (TAs) continuously adopt new tactics for infecting users for several reasons, including avoiding detection by anti-virus solutions, increasing the likelihood of successful infections, and seeking the challenge of creating new methods of infecting victims.
Recently, several malware families have been spotted using OneNote attachments in their spam campaigns.…
Information stealers are malware designed to steal sensitive information from infected computers, such as login credentials, financial data, and personal information. They typically do this by searching for specific types of files and data on the infected computer and then exfiltrating that information to a remote server controlled by the attackers.…
Secureworks® Counter Threat Unit™ (CTU) researchers investigated similarities between the Moses Staff hacktivist group persona that emerged in September 2021 and the Abraham’s Ax persona that emerged in November 2022. The analysis revealed several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity.…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers review tens of millions of attack records every month, and most months, attacks targeting a single vulnerability do not exceed 10% of the total number of attacks. However, we discovered that between August and October 2022, the number of attacks attempting to exploit a Realtek Jungle SDK remote code execution vulnerability (CVE-2021-35394) accounted for more than 40% of the total number of attacks.…
A new trend has been observed among Threat Actors (TAs) of using Golang for their information stealer malware. Golang, also known as Go, is a programming language developed by Google known for its simplicity, efficiency, and performance.…
The Amadey bot is a Trojan that was first discovered in 2018 and is used to steal sensitive information from the infected device. Initially, it was found to be distributed through exploit kits, and Threat Actors (TAs) utilized it to deploy other malware, such as the GrandCrab ransomware and the Flawed Ammyy Remote Access Trojan.…
Threat Actors (TAs) are increasingly using spam emails and phishing websites to trick users into downloading malware such as Stealer and Remote Access Trojan (RAT) to infect users’ machines and steal sensitive information.
Cyble Research & Intelligence Labs (CRIL) is actively monitoring various stealer malware and publishing blogs about them to inform and educate its readers.…
Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely monitored.…
By Tom Hegel and Aleksandar Milenkoski
Executive Summary Pro-Russia hacktivist group NoName057(16) is conducting a campaign of DDoS attacks on Ukraine and NATO organizations that began in the early days of the war in Ukraine. Targets have included government organizations and critical infrastructure. NoName057(16) was responsible for disrupting services across the financial sector of Denmark this week.…