Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion …
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the …
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the …
Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the …
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to …
Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake …
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, …
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers …
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a …
Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in …