APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

June 21, 2022
Read More >>

HelloXD Ransomware operators install MicroBackdoor on target systems

Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a […]

The post HelloXD Ransomware operators install MicroBackdoor on target systems appeared first on Security Affairs.

June 13, 2022
Read More >>

Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal

Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new .NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT […]

The post Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal appeared first on Security Affairs.

June 11, 2022
Read More >>

New SolarMarker variant upgrades evasion abilities to avoid detection

Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new features to avoid detection. SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo) is a fileless .NET RAT that implements backdoor capabilities and allows operators to steal […]

The post New SolarMarker variant upgrades evasion abilities to avoid detection appeared first on Security Affairs.

April 19, 2022
Read More >>