FSB’s Fronton DDoS tool was actually designed for widespread ‘massive’ fake info campaigns, researchers say

The analysis shows that what was thought of as a straightforward DDoS tool was so much more.

The post FSB’s Fronton DDoS tool was actually designed for widespread ‘massive’ fake info campaigns, researchers say appeared first on CyberScoop.

Continue reading FSB’s Fronton DDoS tool was actually designed for widespread ‘massive’ fake info campaigns, researchers say

Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme

The defendant earned roughly $80,000 from his crimes between 2017 and 2019, prosecutors said.

The post Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme appeared first on CyberScoop.

Continue reading Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme

New Sophisticated Malware

Mandiant is reporting on a new botnet.

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

  • The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don’t support antivirus or endpoint detection. This makes detection through traditional means difficult.

Continue reading New Sophisticated Malware

Group behind Emotet botnet malware testing new methods to get around Microsoft security

Recent changes to Microsoft automation capabilities may be forcing cybercrime operators to adapt.

The post Group behind Emotet botnet malware testing new methods to get around Microsoft security appeared first on CyberScoop.

Continue reading Group behind Emotet botnet malware testing new methods to get around Microsoft security

US Disrupts Russian Botnet

The Justice Department announced the disruption of a Russian GRU-controlled botnet:

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control. …

Continue reading US Disrupts Russian Botnet

US says it disrupted Russian botnet ‘before it could be weaponized’

The botnet was being assembled by Russia’s foreign intelligence agency, the GRU, Attorney General Merrick Garland said at a news conference.

The post US says it disrupted Russian botnet ‘before it could be weaponized’ appeared first on CyberScoop.

Continue reading US says it disrupted Russian botnet ‘before it could be weaponized’

Sandworm-linked botnet has another piece of hardware in its sights

The CyclopsBlink botnet is now targeting internet routers from hardware maker ASUS, Trend Micro researchers said.

The post Sandworm-linked botnet has another piece of hardware in its sights appeared first on CyberScoop.

Continue reading Sandworm-linked botnet has another piece of hardware in its sights