Researchers have spotted the MuddyWater, Fin8 and Platinum cybergangs all making an unwanted comeback following an observed increase in malicious activity over the last few weeks. Trend Micro came across several campaigns its researchers believe contain the hallmarks of MuddyWater. But this time around the group apparently deployed a new multi-stage PowerShell-based backdoor called POWERSTATS…
The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants. Researchers from enSilo uncovered the campaign after samples were collected from one or more targets based in the Philippines. PlugX and…
A recent malware campaign targeting investment companies and diplomatic agencies has shed light on some of the newest practices and tools of reputed North Korean APT group ScarCruft. While investigating this campaign, researchers from Kaspersky Lab observed a tool for harvesting Bluetooth device data and were able to analyze the group’s multistage binary infection procedure.…
The FBI and Department Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra. ELECTRICFISH is attributed to North Korea. The 32-bit Windows executable file is a command-line utility…
Some of the U.S. government-linked exploit tools that were published online by the Shadow Brokers hacking group in 2016 and 2017 were actually employed by Chinese actors well before that infamous leak occurred, researchers say. In a blog post yesterday, Symantec reported that its threat research team discovered evidence that cyber espionage actor APT3, aka…
Researchers have uncovered what they say is the very first malware to achieve persistence in Microsoft Exchange email servers, which allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code. Dubbed LightNeuron, the furtive backdoor has been targeting Exchange servers since at least 2014, according to a blog post from ESET,…
The Hong Kong division of human rights organization Amnesty International said yesterday that its offices were recently targeted by a sophisticated cyberattack that bore the hallmarks of Chinese state-sponsored actors. A press release issued by the non-governmental organization’s Hong Kong chapter said that suspicious activity was detected on March 15, although it does not state…
State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…
The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that’s been widely linked to the North Korean government. Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to…
Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…
