More results...
In October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. The final payload was the Go-written GC2 tool that gets commands from Google Sheets and exfiltrates data to Google Drive.
The latest intrusion wave, spotted by IBM Security X-Force two months ago, involves the use of Dave Loader, a crypter previously attributed to the Conti group (aka Gold Blackburn, ITG23, or Wizard Spider), to deploy the Domino backdoor.
SentinelLabs identified a campaign by the Transparent Tribe that targets the Indian education sector via education-themed malicious Office documents propagating Crimson RAT. The group has long been targeting different sectors in India. Hence, vigi…
The new, rather sophisticated PowerShell script automates data theft from compromised networks. The script uses PowerShell to automate data exfiltration and consists of multiple functions, including Work(), Show(), CreateJobLocal(), and fill().
“The business-like set up of the group, where affiliates are required to remain active or notify the gang of their leave, shows the organizational maturity of the group, as has also been observed in other groups, such as Conti,”
Trellix reported.
SentinelLabs has been tracking a recently disclosed cluster of malicious Office documents that distribute Crimson RAT, used by the APT36 group (aka Transparent Tribe) targeting the education sector.
This threat cluster linked to the North Korean threat actor Lazarus is also known as Operation DreamJob or NukeSped. It’s dubbed DeathNote after its malware payloads named Dn.dll or Dn64.dll.
Ukrainian hacker group Cyber Resistance, aka Ukrainian Cyber Alliance, has claimed to have hacked the email, social media, and personal accounts of Russian GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev, the leader of APT28.
Researchers revealed details about Joker DPR, a pro-Russian hacker group that has become notable in Russia’s invasion of Ukraine and often disseminates pro-Russian propaganda through social media. The group claims of collaboration with other pro-Russia…
The Iranian nation-sponsored hacker group MuddyWater was spotted joining hands with another emerging threat actor DEV-1084 to conduct destructive attacks disguised as ransomware attacks. DEV-1084 abuses the compromised credentials from high-privilege a…