Advanced threat predictions for 2025

Kaspersky’s Global Research and Analysis Team monitors over 900 APT (Advanced Persistent Threat) groups and operations. In this piece of the KSB series, we review the advanced threat trends from the past year and offer insights into what we can expect in 2025.

Botnet serving as ‘backbone’ of malicious proxy network taken offline 

Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

The post Botnet serving as ‘backbone’ of malicious proxy network taken offline  appeared first on CyberScoop.

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack:

“Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote. “This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.”…

FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers:

The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.

The operation to dismantle the botnet was coordinated by the FBI, the NSA, and the Cyber National Mission Force (CNMF), according to a press release dated …

FBI joint operation takes down massive Chinese botnet, Wray says

Flax Typhoon targeted critical infrastructure in the U.S. and abroad and compromised hundreds of thousands of devices, the FBI director said.

The post FBI joint operation takes down massive Chinese botnet, Wray says appeared first on CyberScoop.

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet:

According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee…

Global police operation strikes against malware infrastructure 

‘Operation Endgame’ targeted well-known malware variants used to facilitate ransomware and other serious cybercrime.

The post Global police operation strikes against malware infrastructure  appeared first on CyberScoop.

Chinese-linked hacking units increasingly use ‘ORBs’ to obfuscate espionage, researchers say

Scores of purchased or compromised devices used in “operational relay box networks” make detection and defense harder.

The post Chinese-linked hacking units increasingly use ‘ORBs’ to obfuscate espionage, researchers say appeared first on CyberScoop.