The Hacker News reports that the DoNot Team operation, also known as Viceroy Tiger and APT-C-35, has upgraded its Jaca Windows malware toolkit, including a new stealer module for exfiltrating browser-stored data.
Numerous versions of DoNot Team's yty malware framework, including Jaca, have been observed in the group's attacks against South Asian military entities. According to a Morphisec report, the operation uses RTF documents to execute a piece of shellcode, which in turn downloads a second-stage shellcode from its command-and-control server. The second stage then retrieves a DLL file from a separate remote server before the infection proper begins.
The report also showed that updated Jaca modules have enabled exfiltration of web browser-stored information, files, screenshots, and keystrokes.
"Defending against APTs like the DoNot Team requires a Defense-in-Depth strategy that uses multiple layers of security to ensure redundancy if any given layers are breached," the researchers added.
Threat actors launched 50% more distributed denial-of-service attacks during the first quarter of 2024 than in the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
The Ukrainian hacking operation Blackjack claims to have disrupted Russia's industrial sensor and monitoring infrastructure through a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, SecurityWeek reports.