Our researchers analyzed the HermeticRansom malware also known as Elections GoRansom. By and large, this is a fairly simple cryptor. What is interesting in this case is the purpose for which attackers are using it. HermeticRansom goals HermeticRansom attacked computers at the same time as another malware known as HermeticWiper, and based on publicly available information from … [Read more...] about HermeticRansom used as a smokescreen for wiper attacks
attacks
CrowdStrike Protects from Wiper Malware Used in Ukraine Attacks
On Feb. 23, 2022, a new wiper malware was reported targeting Ukraine systems The wiper destroys files on infected Windows devices by corrupting specific elements of connected hard drives CrowdStrike Intelligence refers to this destructive malware as DriveSlayer DriveSlayer is the second recent destructive malware targeting Ukraine, following WhisperGate The CrowdStrike Falcon® … [Read more...] about CrowdStrike Protects from Wiper Malware Used in Ukraine Attacks
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks … [Read more...] about Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, … [Read more...] about CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security … [Read more...] about Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks
How to Protect Cloud Workloads from Zero-day Attacks
Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with … [Read more...] about How to Protect Cloud Workloads from Zero-day Attacks
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input … [Read more...] about Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting … [Read more...] about Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the … [Read more...] about Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by … [Read more...] about New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks