Threat actors who redirect network traffic to malicious sites hosting malware, also known as traffers, have been crucial to the cybercrime economy despite keeping a low profile, according to TechRepublic.
More highly skilled and new cybercriminals have been working in traffer groups to facilitate website compromise and redirect users to malware-laden sites, a Sekoia report revealed. Five to 22 new traffer teams have been created monthly so far in 2022, based on figures from the "lolz Guru" underground forum. Moreover, traffer teams, which usually include team administrators, have been observed to either combine with other teams or restart operations.
Researchers also found that traffers have been leveraging their own dedicated malware delivery chains, with websites spoofing software installation pages or blogs being a prevalent delivery method. However, most have been abusing the "911" approach, in which malware links are delivered through stolen YouTube accounts. Such accounts have been used to upload videos luring potential victims into deactivating Windows Defender and downloading and executing a file, they added.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.