On April 26, 2022, cybersecurity researchers reported about an ongoing phishing cyber-attack on Ukraine spreading GraphSteel and GrimPlant malware strains according to the latest CERT-UA warning. The malicious activity is attributed to the behavior patterns of the hacking collective tracked as UAC-0056, a nefarious cyber espionage group also dubbed SaintBear, UNC258, or TA471. The targeted […]
Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]
Hackers have infiltrated Google search results, driving traffic to a bogus website mimicking legitimate Microsoft pages with Windows OS updates. To be more precise, adversaries are using the “windows11-upgrade11[.]com” domain to host and spread information stealer malware disguised as a Windows 11 updates pack. Tricked users download fake updates, in reality getting an ISO file […]
On April 18, 2022, CERT-UA issued an alert warning of ongoing cyber-attacks targeting Ukrainian state bodies. According to the research, government officials were exposed to targeted phishing attacks using emails related to Azovstal that contained malicious attachments spreading Cobalt Strike Beacon malware. The detected activity reflects the behavior patterns associated with the hacking collective tracked […]
The US governmental agencies – CISA, FBI, NSA, and the Energy Department – along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]
During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]
The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]
A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]
China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]
On April, 14, the Computer Emergency Response Team of Ukraine (CERT-UA) issued a new heads-up that warns of an ongoing cyber-attack leveraging the infamous IcedID malware designed to compromise Ukrainian state bodies. The detected malware also dubbed as BankBot or BokBot is a banking Trojan primarily designed to target financial data and steal banking credentials. […]