Tag: Malware

Nation-Backed APT Attack Detection: Microsoft and OpenAI Warn of AI Exploitation by Iranian, North Korean, Chinese, and russian Hackers 
Nation-Backed APT Attack Detection: Microsoft and OpenAI Warn of AI Exploitation by Iranian, North Korean, Chinese, and russian Hackers 

Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces don’t fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]

Read More
Troll Stealer Detection: Novel Malware Actively Leveraged by North Korean Kimsuky APT
Troll Stealer Detection: Novel Malware Actively Leveraged by North Korean Kimsuky APT

The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]

Read More
Volt Typhoon Attacks: Chinese Nation-Backed Actors Focus Malicious Efforts at the US Critical Infrastructure
Volt Typhoon Attacks: Chinese Nation-Backed Actors Focus Malicious Efforts at the US Critical Infrastructure

State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]

Read More
Mispadu Stealer Detection: A New Banking Trojan Variant Targets Mexico While Exploiting CVE-2023-36025
Mispadu Stealer Detection: A New Banking Trojan Variant Targets Mexico While Exploiting CVE-2023-36025

Cybersecurity researchers recently unveiled a new variant of a stealthy info-stealing malware known as Mispadu Stealer. Adversaries behind the latest attacks against Mexican users leveraging Mispadu banking Trojan have been observed exploiting a recently fixed Windows SmartScreen vulnerability tracked as CVE-2023-36025. Detect Mispadu Stealer  With dozens of new malware samples emerging in the cyber domain […]

Read More
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware

In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]

Read More
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities

Just slightly over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing group’s campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]

Read More
Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware
Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware

This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom Stealer  With over 1 billion malware samples circulating in the cyber domain, security professionals […]

Read More
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again

At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities.  UAC-0050 Offensive Activity Overview Based on the […]

Read More
Lumma Stealer Malware Detection: Hackers Abuse YouTube Channels to Spread a Malware Variant
Lumma Stealer Malware Detection: Hackers Abuse YouTube Channels to Spread a Malware Variant

Recent cybersec reports unveil a series of attacks in which hackers take advantage of YouTube channels to spread the Lumma malware variant. Lumma malicious strain designed for stealing sensitive data has been in the limelight since 2022, actively promoted by adversaries on hacking websites and continuously undergoing multiple updates and enhancements.  This blog article gains […]

Read More
UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH
UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH

Hard on the heels of the phishing campaign against Ukraine spreading Remcos RAT, another offensive operation relying on a similar adversary toolkit comes to the scene. At the end of December 2023, Trendmicro researchers reported CERT-UA about suspicious military-related files sent through a series of new phishing attacks against Ukraine. The uncovered malicious activity aimed […]

Read More