News

NjRAT is Spreading via Removable Media

Delaware, USA – November 29, 2018 – The NjRAT remote access trojan was created based on the leaked Njw0rm source code, and it has a wide range of backdoor capabilities. Researchers from Trend Micro […]

Scroboscope Ransomware Attacks

Delaware, USA – November 28, 2018 — This month, researchers discovered attacks spreading a new ransomware family. Scroboscope ransomware was created using PHP Devel Studio 3.0 and is distributed as EXE files. It is assumed that the most likely distribution vector is malspam campaigns with malicious attachments, but it is also possible that attackers hack […]

Monero-Mining Linux Malware Steals Credentials for Lateral Movement

Delaware, USA – November 27, 2018 – Adversaries are perfecting Monero-mining Linux malware, giving it new features to steal credentials and spread further via SSH. Dr.Web researchers have discovered a new complex trojan, which has many malicious features. The malware is a shell script of 1,000+ lines of code which finds a folder on disk to […]

Latest Tricks of Emotet Malware

Delaware, USA – November 23, 2018 – Having appeared four years ago, the Emotet banking trojan continues to evolve and use new tricks to infect its victims. Late last month, attackers added an email harvesting module, and the malware started to exfiltrate email subjects and bodies, targeting any message sent or received in the past 180 days. The […]

OceanLotus Group Attacks Targets in Southeast Asia

Delaware, USA – November 22, 2018 – The OceanLotus group (aka APT32 or APT-C-00) is conducting a new large-scale cyber espionage campaign. The APT group has been active since at least 2012 and is mainly interested in government entities. The ongoing cyber espionage campaign started this September; the adversaries conduct watering hole attacks by compromising websites in Southeast Asia. Researchers from […]

APT28 Uses Cannon Malware in New Cyberespionage Campaign

Delaware, USA – November 21, 2018 – Researchers from Palo Alto Networks uncovered a new cyberespionage campaign conducted by APT28 and aimed at government organizations in North America and Europe. The APT28 group, also known as Sofacy or Fancy Bear, is infamous for its large-scale campaigns and the use of sophisticated malware. In the uncovered campaign, […]

Attackers Hijack Websites with Drupal CMS

Delaware, USA – November 20, 2018 – Researchers from Imperva warn of a new wave of attacks on websites with the Drupal content management system. Adversaries use the Drupalgeddon2 (CVE-2018-7600) and DirtyCOW (CVE-2016-5195) exploits to gain access to a site and install the SSH client to perform further actions. Researchers spotted mass-scanning the Internet for […]

Cozy Bear is Back in Business After Their Year-Long Vacation

Delaware, USA – November 19, 2018 – The Cozy Bear cyberespionage group is conducting a massive phishing campaign targeting the United States. The notorious hacking group is responsible for attacks on members of the Norwegian and Danish governments last year and is also one of two groups that hacked the Democratic National Committee before the 2016 US Presidential […]

MageCart Reinfects 20% of Compromised Websites

Delaware, USA – November 16, 2018 – Security researcher Willem de Groot published statistics on MageCart attacks over the previous three months, which show that the threat actor reinfects every fifth online shop. Since August, adversaries have compromised 5,400 websites and injected skimmers on them, including successful attacks on British Airways, the web push notifications service […]

TEMP.Periscope Borrows Fancy Bear’s and Dragonfly’s Techniques

Delaware, USA – November 15, 2018 – The Chinese APT group TEMP.Periscope, also known as the Leviathan hacker group, attacked a British engineering company using techniques of infamous threat actors allegedly associated with the Russian government. Researchers from Recorded Future published the results of a recent attack investigation. TEMP.Periscope attempted to steal technology and confidential information […]