A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor … [Read more...] about Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion
Targeting
New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value … [Read more...] about New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
Yet Another Data Wiping Malware Targeting Ukrainian Networks
Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the … [Read more...] about Yet Another Data Wiping Malware Targeting Ukrainian Networks
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy … [Read more...] about Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
How to Decrypt the PartyTicket Ransomware Targeting Ukraine
Summary On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack,1 among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper). Analysis of … [Read more...] about How to Decrypt the PartyTicket Ransomware Targeting Ukraine
Microsoft Uncovers New Details of Russian Hacking Campaign Targeting Ukraine
Microsoft on Friday shared more of the tactics, techniques, and procedures (TTPs) adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations (NGO), judiciary, law enforcement, and … [Read more...] about Microsoft Uncovers New Details of Russian Hacking Campaign Targeting Ukraine
QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to … [Read more...] about QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
GootLoader Hackers Targeting Employees of Law and Accounting Firms
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the … [Read more...] about GootLoader Hackers Targeting Employees of Law and Accounting Firms
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker … [Read more...] about NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by … [Read more...] about New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks