Cyber Espionage | SC Media

‘GoldenSpy’ tax software campaign tries to erase evidence of malware

The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software…

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers

Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…

Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn

A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…

Ramsay spy framework built to subvert air-gapped defenses

Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…

2FA app weaponized to infect Mac users with Dacls RAT

MacOS users who think they have protected themselves by downloading a particular two-factor authentication application may have actually infected their machines with a new variant of the Dacls remote access trojan. When Dacls was originally discovered in late 2019, it was known to target Windows and Linux platforms, but now it appears Macs are no…

PhantomLance campaign slipped trojanized apps into marketplaces for years

A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with medium confidence to the…

Nation-state hackers reportedly hunting for COVID-19 research

Foreign state-sponsored hackers are reportedly targeting companies tasked with researching COVID-19, in some cases intruding into systems and performing reconnaissance. FBI Deputy Assistant Director Tonya Ugoretz acknowledged the cyber espionage activity in an online panel discussion organized by the Aspen Institute, Reuters has reported. Ugoretz reportedly said that when companies publicly disclose that they are…

Former federal CIO: Efforts to ban Huawei ‘don’t make any sense to me’

Recent U.S. efforts to ban the federal use of telecommunications equipment from Huawei Technologies and other Chinese companies are “malaligned” and “don’t make any sense to me,” said former Federal CIO Tony Scott in a podcast interview with SC Media. Scott, who served under former President Barack Obama and now operates as chairman of his own…

Lokibot now using fake Epic Games installer to fool victims

The data harvesting malware Lokibot has again been upgraded by its creators, this time to impersonate a popular online game launcher in order to trick victims into mistakenly downloading the malware. Trend Micro researchers say Lokibot now presents itself as an installer of the Epic Games store. The threat actors used Nullsoft Scriptable Install System…

Fox Kitten APT campaign exploits VPN flaws hours after public disclosure

Iranian APT actors have engaged in a long-running cyber espionage and data theft campaign that has victimized dozens of companies around the world, typically compromising them via virtual private network and Remote Desktop Protocol services, according to a new research report. Vulnerable VPNs have been such a favored attack vector among these actors…