TROJAN – Cybersecurity News Everyday

Qbot is Back Connect

January 21, 2025January 21, 2025 iocOne

QBot, a modular information stealer, has resurfaced following law enforcement actions aimed at its operators. Recent research indicates the use of DNS tunneling in conjunction with Zloader, revealing connections to new backConnect malware that may be utilized in ransomware attacks. Affected: QBot operators, financial institutions, cybersecurity sector

Keypoints :

QBot, also known as Qakbot or Pinkslipbot, has been active since 2007.…

Threat Research

RST TI Report Digest: January 20, 2025

January 20, 2025January 20, 2025 iocOne

This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…

Cyber Security News

Missing Link: The Era of Ransomware Begins with a 5.25″ Floppy Disk

January 20, 2025 iocOne

This article discusses the origins and evolution of ransomware, tracing back to the first known instance involving a floppy disk labeled “AIDS Information” sent in 1989. It highlights the impact of ransomware on individuals and organizations, the methods used by cybercriminals, and the ongoing threat posed by such attacks today.…

Info Data Leak

Cybersecurity News Review – Week 3 (2025)

January 18, 2025January 18, 2025 iocOne

This week’s cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, the exploitation of multiple zero-day flaws by Microsoft, and emerging ransomware tactics targeting AWS. Additionally, it discusses a significant data breach at Stiiizy, the impact of healthcare data breaches in the US, and various government responses to cyber threats.…

Threat Research

SharpRhino: An old, new threat

January 17, 2025January 17, 2025 Securonix

SharpRhino is a new RAT malware utilized by the Hunters International threat group, delivered as a legitimate software installer. It uses PowerShell scripts to execute encoded .NET assemblies for remote command execution and communicates with a C2 server over encrypted traffic. Affected: Windows

Keypoints :

SharpRhino is based on the open-source project ThunderShell.…

Info Data Leak

FBI Deletes Chinese PlugX Malware From Thousands of US Computers

January 16, 2025January 18, 2025 Cyware

Summary: The U.S. Department of Justice announced the FBI’s successful deletion of Chinese PlugX malware from over 4,200 infected computers across the U.S. This malware, linked to the Mustang Panda group, had been used for cyber espionage against various global targets, including governments and dissident groups.…

Threat Research

DigitalPulse Proxyware Being Distributed Through Ad Pages

January 16, 2025 Ahnlab

AhnLab Security Intelligence Center (ASEC) has identified a new proxyjacking attack that installs proxyware through advertisement pages of freeware software sites. The proxyware, signed with a Netlink Connect certificate, is similar to the DigitalPulse proxyware used in previous attacks. Users may unknowingly install a program called AutoClicker, which hijacks their network bandwidth for the benefit of threat actors.…

Threat Research

Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights

January 16, 2025 Securonix

The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely-used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Keypoints :

Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…

Cyber Security News

Indonesia Targeted in Global Cyber Attacks: FBI Disrupts PlugX Malware, Lazarus Group Exploits Web3 Developers

January 16, 2025January 16, 2025 admin

In recent months, Indonesia has found itself at the center of two significant global cyber threats, highlighting the growing sophistication and reach of state-sponsored and financially motivated hacking groups. These incidents underscore the importance of cybersecurity vigilance in the face of increasingly complex attacks.

FBI Disrupts PlugX Malware Campaign Affecting Indonesia

The U.S.…

Cyber Security News

FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers

January 16, 2025 SecurityWeek

Summary: The FBI, in collaboration with French law enforcement and cybersecurity firm Sekoia.io, successfully utilized the self-delete feature of the PlugX malware to remove it from over 4,200 infected computers in the U.S. This operation targeted the Mustang Panda group, a hacking organization linked to the Chinese government, which has been using PlugX as a Remote Access Trojan since 2008.…

Cyber Security News

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry

January 16, 2025 RecordedFuture

Summary: A suspected Ukraine-linked hacker group, Sticky Werewolf, is targeting Russian scientific and industrial enterprises through a new cyber-espionage campaign. The group has been using fraudulent emails that appear to come from Russia’s Ministry of Industry and Trade to deliver malware, specifically the Ozone remote access trojan.…

Info Data Leak

North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks

January 16, 2025January 18, 2025 DarkReading

Summary: North Korea’s Lazarus group has initiated a new campaign, dubbed Operation 99, targeting software developers through deceptive job postings on LinkedIn. The attackers lure victims into downloading malicious Git repositories that steal sensitive data, including source code and cryptocurrency. This sophisticated operation showcases the group’s evolving tactics, including the use of AI-generated profiles to enhance credibility and deception.…

Cyber Security News

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

January 15, 2025 TheHackerNews

Summary: The U.S. Department of Justice announced a successful operation by the FBI to remove PlugX malware from over 4,250 infected computers, linked to the Mustang Panda hacking group associated with China. This operation is part of a broader effort to combat state-sponsored cyber threats targeting various nations and organizations.…

Threat Research

Kimsuky Hacking Group’s Malware Attack on the Korean Defense Industry Association – Defense Industry Digital Innovation Seminar (Planned) (2025.1.12)

January 15, 2025 iocOne

This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…

Threat Research

Origins of A Logger – Agent Tesla

January 15, 2025January 15, 2025 iocOne

The article discusses the evolution and impact of the Agent Tesla malware and its variant, Origin Logger, which have been pivotal in the Malware-as-a-Service (MaaS) ecosystem since 2014. The report details the methods of the developers, their targeted sectors, and the ongoing business email compromise (BEC) attacks.…

Threat Research

The Evolution of Ransomware: From Simple Encryption to Double Extortio…

January 15, 2025 SocRadar

The article discusses the evolution of ransomware from its inception in the late 1980s to its current state as a sophisticated and multi-faceted threat. It highlights key developments, including the introduction of cryptocurrencies, the rise of Ransomware-as-a-Service (RaaS), and the emergence of double and triple extortion tactics.…

Info Data Leak

FBI wipes Chinese PlugX malware from over 4,000 US computers

January 15, 2025January 18, 2025 BleepingComputer

Summary: The U.S. Department of Justice announced the FBI’s successful deletion of Chinese PlugX malware from over 4,200 infected computers across the United States, part of a global takedown operation. The malware, linked to the Mustang Panda group, had been used for cyber espionage against various international targets.…

Trash

The Feed 2025, 01, 14

January 14, 2025January 15, 2025 iocOne

A summary of recent cybersecurity threats including ransomware targeting AWS S3 buckets, a macOS vulnerability allowing SIP bypass, a cyber espionage campaign linked to Russia, and exploitation of a critical RCE vulnerability in Aviatrix Controller. Affected: AWS, macOS, Aviatrix, Microsoft Office

Keypoints :

Codefinger ransomware targets Amazon S3 buckets using SSE-C.…

Tag: TROJAN