Microsoft uses court order to shut down APT35 websites

Microsoft has used a court order to wrest control of 99 websites from suspected Iranian hackers that were using them to conduct cyberattacks, court documents unsealed Wednesday show. The tech giant last week took down websites that were “core to [the] operations” of an Iranian hacking group known as APT35 or Phosphorus, Tom Burt, a Microsoft vice president, wrote in a blog post. APT35, also known as Charming Kitten, used spoofed websites of well-known companies, including Microsoft and Yahoo, to conduct their malicious activity, he said. But the court order will force the group to recreate some of that infrastructure. The hackers have sought to steal sensitive information from businesses and government agencies, Burt wrote, though he did not specify the targets by name. APT35 also has a penchant for targeting journalists and activists who focus on Iran. Multiple years of tracking the group allowed Microsoft to build a “decisive legal […]

The post Microsoft uses court order to shut down APT35 websites appeared first on CyberScoop.


How hackers used a PowerPoint file to spy on Tibet’s government-in-exile

A recently discovered PowerPoint file offers new clues on how hackers are trying to spy on Tibet’s government-in-exile. The malicious document was emailed to subscribers of a mailing list managed by the Central Tibetan Administration (CTA), the organization representing Tibet’s exiled government, according to Talos, Cisco’s threat intelligence unit. Tibet is officially part of China, but Tibetan leaders have lived in exile in India for decades. The email masqueraded as a file that would appeal to their politics. The PowerPoint file name – “Tibet-was-never-a-part-of-China.ppsx” – caters to the CTA mailing list, as does the message in the body of the email marking the upcoming 60th anniversary of the exile of Tibetan spiritual leader the Dalai Lama, researchers said. “Unfortunately, this [is] just part of a continuing trend of nation-state actors working to spy on civilian populations for political reasons,” Talos researchers said in a blog published Monday. They did not attribute the […]

The post How hackers used a PowerPoint file to spy on Tibet’s government-in-exile appeared first on CyberScoop.


Command and Control Over ICMP: Chronicles of Red Team C2

A tremendous Red Team-related blog post over at Black Hills Infosec, superbly crafted by Darin Roberts, detailing how to run command and control (C2) over ICMP. Enjoy!
The post Command and Control Over ICMP: Chronicles of Red Team C2 appeared first on Security Boulevard.

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

A battery-saving app enables attackers to snatch text messages and read sensitive log data, but it also holds true to its advertising.

Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

When Vitaly Kamluk, a security researcher with Kaspersky Lab, discovered a mysterious program named “Computrace” deeply burrowed into his colleagues’ computers, he expected to find an elite hacking group at the other end — something the Moscow-based cybersecurity firm is keenly familiar with. Instead, Kamluk had uncovered a flawed but legitimate tracking software program developed by a Canadian company, named Absolute Software, which had been apparently installed at the manufacturer level. Computrace — now known as LoJack For Laptops via a licensing agreement with the famous vehicle-tracking company — has been publicly documented as having security problems, based on multiple reports, which worried Kamluk because he knew someone could leverage the underlying program in an attack to gain remote access. “It was very alarming to find unauthorized instances of Computrace,” Kamluk told CyberScoop. “There was no explanation how those new private computers had Computrace activated … We contacted Absolute technical support and provided hardware serial numbers, as […]

The post Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops appeared first on Cyberscoop.


RAT Distributed Via Google Drive Targets East Asia

Researchers say a new remote access Trojan dubbed UBoatRAT is targeting individuals or organizations linked to South Korea or the video game industry.