APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]
Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]
Hackers have infiltrated Google search results, driving traffic to a bogus website mimicking legitimate Microsoft pages with Windows OS updates. To be more precise, adversaries are using the “windows11-upgrade11[.]com” domain to host and spread information stealer malware disguised as a Windows 11 updates pack. Tricked users download fake updates, in reality getting an ISO file […]
A notorious APT group, Lazarus, sponsored by North Korea’s government, expands its attack surface, targeting entities in the chemical sector along with IT organizations, mostly in South Korea. Researchers believe that the latest campaign is a part of Lazarus’ Operation Dream Job plans, detected in August 2020. Lazarus Activity Detection SOC Prime released a batch […]
The US governmental agencies – CISA, FBI, NSA, and the Energy Department – along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]
During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]
A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]
China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]
Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]
A new wave of phishing delivering Remcos RAT payload has been observed by security researchers. Remcos is a commercial remote administration trojan developed by Breaking Security firm, that is accessible for free from their website. According to the source that developed this tool, Remcos is capable of downloading entire folders in one click, using a […]