Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector

For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations. Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences. Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code. Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected […]

The post Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector appeared first on CyberScoop.

Hackers pose as Bloomberg employees in email scam

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formerly known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices that are laced with “remote access trojan” tools that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […]

The post Hackers pose as Bloomberg employees in email scam appeared first on CyberScoop.

Hackers are abusing Discord, Slack file-sharing to distribute malware

Hackers are increasingly using Slack and Discord to distribute malware to unsuspecting victims, according to Cisco Talos research published Wednesday. Suspected cybercriminals have been uploading files to the platforms, which are then stored within the apps’ content delivery networks, resulting in a link to malicious content. Attackers then share the links outside of Slack and Discord — over email or on other chat applications, for instance — allowing hackers to share the link wherever they want. It’s the kind of workaround that could allow hackers to meet targets where they already are — on platforms they trust and need to conduct business or socialize — which could allow them to boost the success of any social engineering efforts. Hackers have long abused people’s trust in chat applications to deliver malware to targets. Hackers previously used Discord to distribute Thanatos ransomware, according to Talos. In recent months, a hacking group that targets victims in […]

The post Hackers are abusing Discord, Slack file-sharing to distribute malware appeared first on CyberScoop.

The latest malware hiding in video game cheat codes

Gamers have long used cheat codes to enhance their performance in video games. But buyer beware — hackers have recently been lacing malware in video game cheat codes that could allow attackers to hack victims’ microphones or web cameras, according to research Cisco Talos researchers published Wednesday. The campaign, which appears to have targeted video game players and PC modders, features malware hidden in seemingly legitimate files that users can download to run game patches, tweaks or modding tools. The malware hackers have used in this campaign, XtremeRAT, can capture audio or video through victims’ microphones or web cameras, take screenshots, upload and download files or log keystrokes. The victims involved in this campaign have generally accessed the booby-trapped downloads from YouTube videos about game cheats or social media forums about specific games of interest, Cisco Talos said. “This goes to show how dangerous it is to install random software from questionable […]

The post The latest malware hiding in video game cheat codes appeared first on CyberScoop.

New hacking tool targeting Bangladesh Android users blurs lines between spying and stealing

In one of his regular sweeps for new malicious software targeting Android phones, security researcher Vitor Ventura came across what looked like a run-of-the-mill hacking tool. Like so many pieces of code before it, the malware was capable of stealing information from a mobile device and sending it back to a command and control server. But when Ventura dug deeper, he found that the remote access trojan (or RAT, as the tool is commonly known) was capable of surreptitiously recording conversations and taking screenshots. Spying, rather than immediately making money off of the illicit access, was the apparent goal. On Tuesday, Ventura and his colleagues at Talos, Cisco’s threat intelligence unit, publicly connected the new Android tool to the malware developers behind a multi-year effort to spy on people from South America to Bangladesh. Much about the people behind the hacking campaign is a mystery. Ventura and his colleagues […]

The post New hacking tool targeting Bangladesh Android users blurs lines between spying and stealing appeared first on CyberScoop.

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.