CloudWizard APT: the bad magic story goes on
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.
Backdoor
APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.
Hackers Abuse Outdated Eval PHP WordPress Plugin To Deploy Backdoors
Researchers found active exploitation of the Eval PHP WordPress plugin to deploy backdoors on target…
Hackers Abuse Outdated Eval PHP WordPress Plugin To Deploy Backdoors on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration…
Tomiris called, they want their Turla malware back
We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla.
Abandoned Eval PHP WordPress plugin abused to backdoor websites
Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. Researchers from Sucuri warned that threat actors are installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. The Eval PHP plugin allows PHP code to be inserted into the pages and posts of WordPress […]
The post Abandoned Eval PHP WordPress plugin abused to backdoor websites appeared first on Security Affairs.
Following the Lazarus group by tracking DeathNote campaign
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote.
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.
New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict
Threat actors are targeting organizations located in Donetsk, Lugansk, and Crimea with a previously undetected framework dubbed CommonMagic. In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. Researchers believe that threat actors use spear […]
The post New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict appeared first on Security Affairs.
Bad magic: new APT found in the area of Russo-Ukrainian conflict
In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions.
Inadequate patches and advisories increase cyber risk
Trend Micro’s overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors. Trends for 2022 an…