Russian-linked Turla caught using Pakistani APT infrastructure for espionage

Both Microsoft and Lumen’s Black Lotus Labs found Turla spying on Afghanistan and India via Pakistani infrastructure.

The post Russian-linked Turla caught using Pakistani APT infrastructure for espionage appeared first on CyberScoop.


Botnet serving as ‘backbone’ of malicious proxy network taken offline 

Lumen Technologies’ Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

The post Botnet serving as ‘backbone’ of malicious proxy network taken offline appeared first on CyberScoop.


Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military

Black Lotus Labs estimates that more than 200,000 routers, network-attached storage servers, and IP cameras have been ensnared in the botnet.
The post Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military appeared first on Sec…

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day

Malware hunters catch Chinese APT Volt Typhoon exploiting a zero-day in Versa Director servers used by ISPs and MSPs.
The post Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day appeared first on SecurityWeek.

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet 

Malware hunters have set eyes on an impossible-to-kill botnet packed with end-of-life SOHO routers and connected it to a Chinese APT targeting US critical infrastructure.
The post Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet appeare…

Who and What is Behind the Malware Proxy Service SocksEscort?

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into a botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.