VMware's Threat Analysis Unit says it has observed up to 85 command-and-control servers supported by ShadowPad malware variants since September 2021, according to The Hacker News.
The VMware TAU said it had been studying three ShadowPad variants that use the TCP, UDP, and HTTP(S) protocols for communication with their C2 servers, and the team was able to find the servers by using the ZMap tool to generate a list of hosts with the relevant ports open and then scanning those hosts with protocol-specific probes. The group said it also found samples of Spyder and ReverseWindow malware, tools deployed by the Winnti and LuoYu threat actors respectively, communicating with ShadowPad C2 IP addresses.
The team also reported observing overlaps between the Spyder sample and a Worker component of the Winnti 4.0 trojan.
Scanning APT malware C2s on the Internet is sometimes like finding a needle in a haystack. However, once the C2 scanning works, it can become a game changer as one of the most proactive threat detection approaches, according to Takahiro Haruyama, a senior threat researcher at VMware TAU.
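The approach described above has two stages: a fast, wide ZMap sweep that only reports which hosts have a port open, followed by a slower pass that sends each hit a protocol-specific probe and keeps the hosts whose reply matches the implant's server-side behaviour. The following script is an added illustration of that pipeline and is not VMware TAU's tooling; the ZMap output rows are constructed (RFC 5737 test addresses), and the probe and reply bytes in `HYPOTHETICAL_FINGERPRINT` are placeholders, not ShadowPad's real handshake, which a practitioner would replace with values derived from malware analysis.

```python
"""Re-scan ZMap hits with a protocol fingerprint to confirm C2 servers.

Added example (not VMware TAU's code). Stage 1 is ZMap's job: it emits
one row per host that answered on the scanned port. Stage 2, implemented
here, replays a probe against each hit and keeps only the hosts whose
reply starts with the expected fingerprint bytes.
"""
from __future__ import annotations

import csv
import io
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Constructed sample of `zmap -p 443 -O csv` output; one duplicate on purpose.
SAMPLE_ZMAP_CSV = """saddr,sport,success
198.51.100.7,443,1
203.0.113.42,443,1
198.51.100.7,443,1
192.0.2.9,443,1
"""


@dataclass(frozen=True)
class Fingerprint:
    name: str
    transport: str          # "tcp" or "udp"
    probe: bytes            # bytes sent to the candidate host
    expected_prefix: bytes  # reply prefix that identifies the implant's server side


# HYPOTHETICAL values: stand-ins for bytes recovered from reverse engineering.
HYPOTHETICAL_FINGERPRINT = Fingerprint(
    name="hypothetical-c2-tcp",
    transport="tcp",
    probe=b"\x01\x00\x00\x08ping",
    expected_prefix=b"\x02\x00\x00\x08pong",
)

# A transport takes (host, port, probe) and returns the reply or None.
Transport = Callable[[str, int, bytes], Optional[bytes]]


def parse_zmap_csv(text: str) -> list[str]:
    """Return unique responding addresses from ZMap CSV output, in order."""
    seen: set[str] = set()
    hosts: list[str] = []
    for row in csv.DictReader(io.StringIO(text)):
        if row.get("success", "1") != "1":
            continue
        addr = row["saddr"]
        if addr not in seen:
            seen.add(addr)
            hosts.append(addr)
    return hosts


def socket_transport(fp: Fingerprint, timeout: float = 3.0) -> Transport:
    """Build a real network transport for the fingerprint's protocol."""

    def send(host: str, port: int, probe: bytes) -> Optional[bytes]:
        try:
            if fp.transport == "tcp":
                with socket.create_connection((host, port), timeout=timeout) as s:
                    s.sendall(probe)
                    return s.recv(1024)
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(probe, (host, port))
                return s.recvfrom(1024)[0]
        except OSError:  # refused, timed out, reset: not a match
            return None

    return send


def matches(reply: Optional[bytes], fp: Fingerprint) -> bool:
    """A host matches when it answered and the reply carries the prefix."""
    return reply is not None and reply.startswith(fp.expected_prefix)


def hunt(hosts: Iterable[str], port: int, fp: Fingerprint,
         send: Optional[Transport] = None) -> list[str]:
    """Return the subset of hosts whose reply matches the fingerprint."""
    send = send or socket_transport(fp)
    return [h for h in hosts if matches(send(h, port, fp.probe), fp)]


if __name__ == "__main__":
    candidates = parse_zmap_csv(SAMPLE_ZMAP_CSV)
    print(f"{len(candidates)} unique hosts from ZMap")
    # Real probing of the constructed addresses is pointless; in practice
    # feed ZMap's actual output file and let socket_transport do the work.
    for host in hunt(candidates, 443, HYPOTHETICAL_FINGERPRINT,
                     send=lambda h, p, b: None):
        print("confirmed:", host)
```

Injecting the transport keeps the matching logic testable without network access and lets the same hunt loop serve TCP, UDP, or an HTTP(S) variant by swapping the fingerprint and transport pair.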
Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Operations of Russia's industrial sensor and monitoring infrastructure were claimed to have been disrupted by Ukrainian hacking operation Blackjack following a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.