HAFNIUM APT Exploits Microsoft Exchange Zero-Days to Steal Data and Install Malware In January 2021, security researchers from Violexity revealed a long-term malicious operation launched by China-affiliated HAFNIUM APT against a number of unnamed organizations. Threat actors leveraged a set of previously undisclosed zero-day vulnerabilities in Microsoft Exchange to access sensitive corporate information and perform […]
Cybersecurity analysts have detected a sophisticated malware sample that attacks Apple users in the wild. The joint research from Red Canary, Malwarebytes, and VMWare Carbon Black details that approximately 30,000 hosts across 153 countries have been compromised by the new threat dubbed Silver Sparrow. The topmost infection rates were spotted in the United States, Canada, […]
The French National Agency for the Security of Information Systems (ANSSI) revealed a three-year-long operation launched by Sandworm APT against major IT and web hosting providers in France. The ANSSI advisory details that the campaign started back in 2017 and resulted in a series of subsequent breaches, including the compromise of Centreon, a monitoring software […]
Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]
The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didnāt miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]
Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasarās code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]
Threat analysts from Google warn of a current malicious campaign aimed at vulnerability researchers and Red Team members. Reportedly, a North Korean nation-backed actor stands behind this operation, leveraging novel social engineering methods to approach individual security practitioners via bogus social media profiles. Attack Against Security Researchers The campaign overview from the Google Threat Analysis […]
Adversaries apply a malicious Golden SAML method to expand a scale of compromise related to the SolarWinds hack. Although security researchers initially considered that the SolarWinds Orion software was a single access vector, further investigation reveals that the Golden SAML technique allows achieving persistence on any instance within a targeted cloud environment that maintains SAML […]
The banking sector has always been an attractive target for cyber-criminals. After Zeus and Gozi emerged in 2007, prominent banking Trojans regularly made the headlines by emptying accounts of customers. Recently, security researchers have spotted yet another member of the financial malware family. This time the campaign is aimed at the US and Canadian banking […]
Delaware, USA ā June 18, 2019 ā One of the leaders of airplane parts manufacturing was informed to have shut down operations at its plants because of a large-scale ransomware attack. Asco Industries who is the leader in the design and manufacture of major functional components for Boeing and Airbus commercial passenger jets, Airbus A400M […]