Cyber Espionage | SC Media

Hacker-for-hire groups profit by commoditizing APT tactics

In the span of just over three months, researchers have exposed three mercenary, “hacker-for-hire” groups engaging in industrial espionage and stealing corporate secrets for profit. Despite using tactics, techniques and procedures that are more typical of a nation-state APT group, these threat actors – Dark Basin, DeathStalker and an unnamed third group detailed late last month by Bitdefender –…

U.S. urges Linux users to secure kernels from new Russian malware threat

Linux users should not assume they are safe from the ambitions and reach of reputed Russian hacking group Fancy Bear, which has been using a newly disclosed malware toolset to establish a command-and-control connection with infected Linux systems. Called Drovorub, the toolset essentially creates a backdoor that enables file downloads and uploads, the execution of…

Media companies need to lock down content systems as fake news invades

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves to be on the lookout for disinformation secretly…

Dacls RAT’s goals are to steal customer data and spread ransomware

The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers. Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog post and corresponding press release that also detailed an…

‘GoldenSpy’ tax software campaign tries to erase evidence of malware

The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software…

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers

Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…

Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn

A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…

Ramsay spy framework built to subvert air-gapped defenses

Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…

2FA app weaponized to infect Mac users with Dacls RAT

MacOS users who think they have protected themselves by downloading a particular two-factor authentication application may have actually infected their machines with a new variant of the Dacls remote access trojan. When Dacls was originally discovered in late 2019, it was known to target Windows and Linux platforms, but now it appears Macs are no…
