Before targeting Belarus, Eastern Europe-focused hackers flew under the radar

A mysterious cyber-espionage group, active for nearly a decade but documented in detail by private researchers for the first time Friday, has been hacking into government organizations in Eastern Europe in search of secrets. The hacking group has targeted military organizations, foreign ministries and private firms in Russia, Ukraine, Belarus and the Balkans with pinpoint espionage. Researchers from the anti-virus firm ESET, which claimed the discovery and christened the group “XDSpy,” said the attackers have been scouring a few dozen computers in search of sensitive PDF and Microsoft Word documents. One of the few other public indicators that XDSpy was on the prowl came from a February advisory from the Belarusian government’s National Computer Emergency Response Team. That statement listed four Belarusian government email accounts that had been compromised by the attackers, but warned that various government officials had been targeted. The broader region has long been subject to cyber-espionage activity, as hackers from […]

The post Before targeting Belarus, Eastern Europe-focused hackers flew under the radar appeared first on CyberScoop.

Researchers expose new malware designed to steal data from air-gapped networks

Hacking tools and techniques that are capable of accessing “air-gapped” systems — those cut off from external network connections — are coveted by intelligence agencies and pored over by security researchers. Spies try to conceal them; researchers try to expose them to warn potential victims. That dynamic is behind Slovakian anti-virus company ESET’s decision Wednesday to go public with what it says is a previously unknown malicious software framework designed to steal files from air-gapped systems. Much around the hacking tool — who is using it, who some of its victims are — remains a mystery. But ESET is hoping publicizing it will shake loose more clues in their hunt for the hackers. “We believe Ramsay is intended to be used in targeted attacks only and [has] espionage written all over it,” Alexis Dorais-Joncas, a security intelligence team lead at ESET, told CyberScoop. “‘Normal’ people do not operate in air-gapped environments.” The […]

The post Researchers expose new malware designed to steal data from air-gapped networks appeared first on CyberScoop.

A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details

A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic, according to a Chinese security firm. An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies, Qihoo 360 said in a report published Monday. In one case, DarkHotel hackers used a previously unknown software vulnerability in the enterprise Sangfor SSL VPN software, then installed malicious software onto victim machines to collect user data. The timing of the attack coincides with instructions from the Chinese government forcing citizens to work from home in order to mitigate COVID-19’s spread. Outside security researchers with experience chasing nation-state hacking groups immediately questioned whether Qihoo 360 could be sure that the DarkHotel group was behind the campaign. “I’m going to be […]

The post A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details appeared first on CyberScoop.

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.

Malware campaigns hit North Korea following nuclear ICBM tests

Researchers have stitched together two sophisticated malware campaigns that are targeting North Korea, raising suspicion over counteractions tied to the country’s aggressive weapons testing. Cybersecurity researchers from Cylance released a report Tuesday asserting that Konni, a recently discovered but long active family of remote access trojans, was used in a malware campaign targeting North Korea shortly after a July 3 missile test. It marks the fifth known Konni campaign in three years and the third in 2017. This follows similar reports from the firm Talos that showed a Konni campaign launched just a day after missile tests on July 4. In addition to the malware campaign, Cylance is connecting Konni to a hacking group known as DarkHotel. Just a few days after the July ICBM test, a whitepaper by the cybersecurity firm BitDefender reported a new campaign from DarkHotel, a group that has successfully targeted businesses for a decade through security holes in Wi-Fi infrastructure at hotels around the world. The […]

The post Malware campaigns hit North Korea following nuclear ICBM tests appeared first on CyberScoop.