State-run threat actor Lazarus rides again, this time exploiting the notorious Log4Shell vulnerability in VMware Horizons servers. In this campaign, adversaries leverage Horizon, targeting the Republic of Korea with a NukeSped backdoor. First documented exploits date back to January 2022, with Lazarus hackers being spotted exploiting Log4Shell in VMware Horizons products since mid-Spring 2022. Almost […]
Security researchers report on malicious activity associated with the distribution of BumbleBee malware traced back to the initial access broker (IAB) dubbed Exotic Lily. Research data suggest that adversaries use the file transfer tools such as TransferXL, TransferNow, and WeTransfer, to spread BumbleBee malware. The malware is used to launch Cobalt Strike attacks. Detect BumbleBee […]
As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions. Recently, security researchers […]
Germany-located users are falling victim to a new malware campaign designed to spread a custom-built PowerShell remote access trojan (RAT). Adversaries set up a decoy site to trick people into taking the bait in a phony newsflash that claims to offer previously unpublished information regarding the situation in Ukraine. Victims are urged to download a […]
Microsoft has recently uncovered yet another piece of malware leveraged by the infamous NOBELIUM APT group since spring 2021. The new threat, dubbed FoggyWeb, acts as a post-exploitation backdoor able to exfiltrate information from Active Directory Federation Services (AD FS) servers. Malware has been used in targeted attacks against multiple organizations globally while staying unnoticed […]
Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a “mercenary software” facilitating surveillance operations for government agencies, it was identified […]
WildPressure ATP group, known for its repeating attacks against the oil and gas sector in the Middle East, has recently upgraded its malicious toolkit with a new version of Milum Trojan. The enhancements made to the strain allow adversaries to compromise macOS devices alongside traditional Windows systems. According to security experts, the Trojan is able […]
Hundreds of companies have been recently exposed to a massive supply chain attack on the software company Kaseya. A zero-day bug in Kaseya’s VSA software was nefariously leveraged by the REvil gang to infect 30 managed service providers (MSPs) and multiple their customers with ransomware. Although the vendor has been aware of the vulnerability since […]
Security researchers from FortiGuard Labs have uncovered a new FormBook variant being delivered in a massive phishing campaign. Particularly, adversaries target users with malware-laced Microsoft PowerPoint documents disguised as a follow-up to the recent purchase order. Those who fell for the bait of scammers got their devices infected with a notorious data-stealing malware. New FormBook […]
Security experts from Kaspersky Lab have uncovered a long-lasting cyber espionage operation launched by a Chinese nation-backed actor to target government and military institutions across Vietnam. The hacker group, known as Cycldek, APT27, GoblinPanda, and LuckyMouse, relied on a brand-new and highly evasive remote access Trojan to reach its malicious goal. The RAT, called FoundCore, […]