Threat actors have been leveraging the new traffic direction system dubbed Parrot, which depends on servers hosting 16,500 websites, in the FakeUpdate campaign that uses fake browser update notices to distribute remote access trojans, reports BleepingComputer.
While the FakeUpdate campaign has only begun in February, Parrot activity may have started since last October, an Avast report revealed. "One of the main things that distinguishes Parrot TDS from other TDS is how widespread it is and how many potential victims it has. The compromised websites we found appear to have nothing in common apart from servers hosting poorly secured CMS sites, like WordPress sites," said Avast. Attackers have been observed to deploy the NetSupport Client RAT on targeted systems, while many servers compromised by the Parrot TDS have also been hosting sites for Microsoft credential phishing. Over 600,000 Avast clients have been protected against the campaign last month alone, with Brazil, India, the US, Singapore, and Indonesia accounting for the most number of users targeted by the malicious Parrot redirections, according to Avast.
Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Operations of Russia's industrial sensor and monitoring infrastructure were claimed to have been disrupted by Ukrainian hacking operation Blackjack following a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.