New TA886 group targets companies with custom Screenshotter malware

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor […]

The post New TA886 group targets companies with custom Screenshotter malware appeared first on Security Affairs.

Android mobile devices from top vendors in China have pre-installed malware

Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. China is currently the country with the largest number of Android mobile devices, but a recent study conducted by researchers from the University of Edinburgh and the Trinity College of Dublin revealed that top-of-the-line Android devices sold in the country […]

The post Android mobile devices from top vendors in China have pre-installed malware appeared first on Security Affairs.

US and UK sanctioned seven Russian members of Trickbot gang

The US and the UK have sanctioned seven Russian individuals for their involvement in the TrickBot operations. The US and the UK authorities have sanctioned seven Russian individuals for their involvement in the TrickBot operations. The US Treasury has frozen the assets belonging to the individuals and imposed travel bans against them. The US Treasury […]

The post US and UK sanctioned seven Russian members of Trickbot gang appeared first on Security Affairs.

A new variant of ESXiArgs ransomware makes recovery much harder

Experts warn of new ESXiArgs ransomware attacks using an upgraded version that makes it harder to recover VMware ESXi virtual machines. Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines. The new variant was spotted less than a […]

The post A new variant of ESXiArgs ransomware makes recovery much harder appeared first on Security Affairs.

[SANS ISC] A Backdoor with Smart Screenshot Capability

I published the following diary on isc.sans.edu: “A Backdoor with Smart Screenshot Capability“: Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot

The post [SANS ISC] A Backdoor with Smart Screenshot Capability appeared first on /dev/random.

Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

ChatGPT has raised alarm among cybersecurity researchers for its unnerving ability in composing everything from sophisticated malware to phishing lures – but it’s important to keep in mind that the tool can help support cybersecurity defenses as well. Shiran Grinberg, director of research and cyber operations at Cynet, told eSecurity Planet that too many companies […]

The post Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats appeared first on eSecurityPlanet.

Russian national pleads guilty to money laundering linked to Ryuk Ransomware operation

A Russian national pleaded guilty in the U.S. to money laundering charges linked to the Ryuk ransomware operation. On February 7, 2023, Russian national Denis Mihaqlovic Dubnikov (30) pleaded guilty in the U.S. to one count of conspiracy to commit money laundering for the Ryuk ransomware operation. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November […]

The post Russian national pleads guilty to money laundering linked to Ryuk Ransomware operation appeared first on Security Affairs.

New Graphiron info-stealer used in attacks against Ukraine

A Russia-linked threat actor has been observed deploying a new information stealer dubbed Graphiron in attacks against Ukraine. Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. The Nodaria APT group has been active since at least March 2021, it […]

The post New Graphiron info-stealer used in attacks against Ukraine appeared first on Security Affairs.