A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…
A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers SYSTEM-level privileges, researchers warn. In a company blog post and more detailed threat report, Trustwave and its SpiderLabs team identified the accounting software as Intelligent Tax, which was reportedly developed by the…
Australian Prime Minister Scott Morrison warned late last week that a sophisticated, state-sponsored cyber actor has been attacking the country’s government and corporate institutions, as well as critical infrastructure operators, with increasing regularity. Morrison did not name-and-shame the specific country that is responsible for the alleged attacks. But inside sources told Reuters that China is…
A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…
The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in Exim Mail Transfer Agent (MTA) software, found in Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…
A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build orchestration server and at least one other company’s game servers, researchers have reported. Although these attacks appear to have taken place prior to March, such incidents are now more important than ever to detect and…
Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…
The Cybersecurity and Infrastructure Security Agency (CISA) and two other federal agencies issued malware analysis reports (MAR) for three North Korean-government operated APTs and trojans. The malware analyzed by CISA, the Department of Defense and the FBI are code-named Copperhedge, Taintedscribe and Pebbledash, all three of which are believed to be operated by the North…
MacOS users who think they have protected themselves by downloading a particular two-factor authentication application may have actually infected their machines with a new variant of the Dacls remote access trojan. When Dacls was originally discovered in late 2019, it was known to target Windows and Linux platforms, but now it appears Macs are no…
A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with medium confidence to the…
