backdoor – WindowsTechs.com

Lazarus group evolves its infection chain with old and new malware

Posted on December 19, 2024 by Vasily Berdnikov, Sojun Ryu

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus. Continue reading Lazarus group evolves its infection chain with old and new malware→

PHP backdoor looks to be work of Chinese-linked APT group

Posted on December 16, 2024 by Greg Otto

Known as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware.

The post PHP backdoor looks to be work of Chinese-linked APT group appeared first on CyberScoop.

Continue reading PHP backdoor looks to be work of Chinese-linked APT group→

Careto is back: what’s new after 10 years of silence?

Posted on December 12, 2024 by Georgy Kucherin, Marc Rivero

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence. Continue reading Careto is back: what’s new after 10 years of silence?→

New DCOM Attack Exploits Windows Installer for Backdoor Access

Posted on December 11, 2024 by Deeba Ahmed

SUMMARY Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based… Continue reading New DCOM Attack Exploits Windows Installer for Backdoor Access→

APT trends report Q3 2024

Posted on November 28, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns. Continue reading APT trends report Q3 2024→

Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor

Posted on November 27, 2024 by Waqas

Watch out for the Russian hackers from the infamous RomRom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor. Continue reading Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor→

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

Posted on November 26, 2024 by Zeljka Zorz

Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chai… Continue reading RomCom hackers chained Firefox and Windows zero-days to deliver backdoor→

Malware linked to Salt Typhoon used to hack telcos around the world

Posted on November 26, 2024 by Greg Otto

A report from Trend Micro details the highly sophisticated ways Salt Typhoon carries out its operations.

The post Malware linked to Salt Typhoon used to hack telcos around the world appeared first on CyberScoop.

Continue reading Malware linked to Salt Typhoon used to hack telcos around the world→

Advanced threat predictions for 2025

Posted on November 25, 2024 by

Kaspersky’s Global Research and Analysis Team monitors over 900 APT (Advanced Persistent Threat) groups and operations. In this piece of KSB series, we review the advanced threat trends from the past year and offer insights into what we can expect in 2025. Continue reading Advanced threat predictions for 2025→

Advanced threat predictions for 2025

Posted on November 25, 2024 by