remote-access Trojan – Page 2

Alleged seller of NetWire RAT arrested in Croatia

Posted on March 10, 2023 by Help Net Security

This week, as part of a global law enforcement operation, federal authorities in Los Angeles successfully confiscated www.worldwiredlabs.com, a domain utilized by cybercriminals to distribute the NetWire remote access trojan (RAT) allowed perpetrators … Continue reading Alleged seller of NetWire RAT arrested in Croatia→

Business-grade routers compromised in low-key attack campaign

Posted on March 6, 2023 by Zeljka Zorz

An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed HiatusRAT) and a packet capturing program. “The impacted models are high-band… Continue reading Business-grade routers compromised in low-key attack campaign→

Attackers mount Magento supply chain attack by compromising FishPig extensions

Posted on September 14, 2022 by Zeljka Zorz

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers c… Continue reading Attackers mount Magento supply chain attack by compromising FishPig extensions→

Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

Posted on February 4, 2022 by AJ Vicens

A series of cyberattacks on Ukrainian institutions over the past few weeks — including website defacement, computer-wiping malware and phishing campaigns — have the hallmarks of hacking activity associated with the Russian government, but conclusive attribution remains elusive. Research published Thursday, however, shows how a known Russia-linked hacking group, Gamaredon, could be involved in active targeting of Ukrainian targets, including an attempt to compromise a Western government entity in Ukraine on Jan. 19. The findings, published by Palo Alto Networks’ Unit 42 threat intelligence unit, focus on the group as the Russian military amasses more than 100,000 troops along its border with Ukraine. The U.S. and other NATO governments say it’s preparation for a dramatic military escalation. Unit 42 makes clear that its research does not directly tie Gamaredon to the recent high-profile attacks. The team says it mapped out three “large clusters” of Gamaredon infrastructure that are used to support […]

The post Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say appeared first on CyberScoop.

Continue reading Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say→

Hacking group accidentally infects itself with Remote Access Trojan horse

Posted on January 11, 2022 by Graham Cluley

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock things up you need to be a cybercriminal. Continue reading Hacking group accidentally infects itself with Remote Access Trojan horse→

Corelight Sensors detect the ChaChi RAT

Posted on June 24, 2021 by Corelight Labs Team

By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as … Continue reading Corelight Sensors detect the ChaChi RAT→

After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments

Posted on June 17, 2021 by Sean Lyngaas

Days after Israel and Gaza-based militant group Hamas agreed to a ceasefire in May, Arabic-speaking hackers resumed an effort to break into government networks in the Middle East, according to research published Thursday. The hacking group, known as MoleRATs, sent target organizations a malware-laced PDF claiming to be a report on Hamas members meeting with the Syrian government, security firm Proofpoint said. The malicious code is able to access files and take screenshots on a victim’s computer in furtherance of a spying campaign. It’s an example of how, alongside the violence that has long marked the Israel-Palestine conflict, there are often much subtler efforts by digital spies to access networks. It’s unclear what caused the hacking group to take a two-month break starting in March, or why it resumed activity in early June. Proofpoint analysts speculated that either the Muslim holy month of Ramadan or the latest Israel-Hamas conflict, which […]

The post After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments appeared first on CyberScoop.

Continue reading After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments→

AHK RAT Loader Used in Unique Delivery Campaigns

Posted on May 14, 2021 by Arnold Osipov

Intro:
The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language—a fork of the AutoIt language that is f… Continue reading AHK RAT Loader Used in Unique Delivery Campaigns→

Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector

Posted on May 13, 2021 by Sean Lyngaas

For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations. Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences. Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code. Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected […]

The post Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector appeared first on CyberScoop.

Continue reading Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector→

Hackers pose as Bloomberg employees in email scam

Posted on April 21, 2021 by Sean Lyngaas

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formally known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices that are laced with a “remote access trojan” tools that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […]

The post Hackers pose as Bloomberg employees in email scam appeared first on CyberScoop.

Continue reading Hackers pose as Bloomberg employees in email scam→