A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the …
North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking …
GootLoader Hackers Targeting Employees of Law and Accounting Firms
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the …
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the …
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker …
Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately …
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the …
Active Directory Bugs Could Let Hackers Take Over Windows Domain Controllers
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw …
Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector
Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "just the tip of the iceberg." "The group tried to access some internal documents (such as flight schedules and documents …
Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or …