New ‘Clasiopa’ Threat Group Targets Materials Research Organizations
The infection vector used by Clasiopa is unknown, although there is some evidence to suggest that the attackers gain access through brute force attacks on public-facing servers.
A mysterious and unidentified group of hackers has sought to paralyze the computer networks of almost 5,000 victims across the US and Europe, in one of the most widespread ransomware attacks on record.
The WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands.
Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines.
Trend Micro reported on a new threat actor that drops a new backdoor dubbed WhiskerSpy. The cybercriminal group, tracked as Earth Kitsune, is a relatively new threat group that conducts watering hole attacks. The malware is delivered to users w…
Trend Micro experts observed several targeted attacks against researchers of academic organizations and think tanks in Japan and attributed the campaign to Earth Yako. Previous to this, Earth Yako APT group has been abusing legitimate services such as …
SentinelOne spotted a new cyberespionage campaign, dubbed WIP26, targeting telecommunications providers in the Middle East by exploiting popular tools from Google, Microsoft, and Dropbox. The attack begins with a WhatsApp message sent to employees of t…
Researchers from the Chinese cybersecurity company Qi An Pangu Lab believe they have identified six members of the “Against The West” hacking group, according to a report published Sunday by state-controlled media.
Check Point observed a new malicious campaign targeting corporate entities in Armenia with a new OxtaRAT backdoor variant, with an aim to conduct surveillance. The attack involved a geo-political bait wherein hackers would share an image file (.SCR) ma…
When a targeted visitor tries to watch videos on the website, a malicious script injected by the attacker displays a prompt reporting a video codec error, enticing the victim to download and install a trojanized codec installer.