A botnet named after Prometheus jumps is also exploiting Exchange Server flaws

Sometimes a glaring new software vulnerability is all that scammers need to revive a trusty hacking scheme. Just days after Microsoft announced that suspected Chinese spies were exploiting bugs in Microsoft Exchange Server software in March, Russian-speaking attackers controlling a botnet, or army of compromised computers, used those vulnerabilities to conduct a series of intrusions at companies in North America, according to incident responders at security firm Cybereason. The hacks, which are among several breaches involving the Exchange Server vulnerabilities, show how the same bugs in widely used software can be used for very different purposes. And the reemergence of the so-called Prometei botnet, named after the Russian word for Prometheus, the Greek god of fire, is a reminder of the many malicious purposes that the zombie computers serve. Cybereason said it was aware of more than a dozen recent hacking incidents involving the Prometei botnet, which the attackers typically use […]

The post A botnet named after Prometheus jumps is also exploiting Exchange Server flaws appeared first on CyberScoop.

Hackers pose as Bloomberg employees in email scam

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formerly known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices that are laced with a “remote access trojan” tool that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […]

Suspected Chinese spies cover tracks in efforts to breach Vietnamese government

A previously undocumented group of Chinese-speaking spies conducted a months-long campaign to infect the computers of government agencies in Vietnam and other Asian countries, researchers from the antivirus firm Kaspersky said Monday. The findings point to how alleged Chinese hacking groups overlap — and may collaborate — in their longstanding efforts to infiltrate the Southeast Asian governments with which China quarrels over territory. For example, the hackers’ techniques bear some similarities to those of a Chinese-speaking group called Cycldek that has been active for around eight years. But they’re also notably more advanced than Cycldek, leaving the Kaspersky researchers struggling to trace the specific origins of the group. The attackers executed code capable of taking full control of target computers, but they also stripped the code of digital clues that would make them easier to track. “One hypothesis we have is that one or several former Cycldek operators could have joined another […]

How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals

Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S. Justice Department indictment linked the group to the Iranian military. The phishing campaign shows how, more than a decade after the Stuxnet worm’s infiltration of an Iranian nuclear facility, hacking is still central to the high-stakes spying game between Iran, Israel and the U.S. And it is but one of several recent examples, including the targeting of the 2020 U.S. election, of how Iranian hackers are capable of threatening U.S. interests. In this case, the suspected Iranian […]

Hackers target Apple developers with backdoor

Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple’s integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode, is a malicious version of an open-source project available on GitHub that is intended to help developers animate the iOS Tab Bar. The attackers have made a version of the project that executes a malicious script and targets a victim’s development machine with a backdoor. If they leverage the backdoor properly, the attackers could record through the victim’s microphone or camera, or log keystrokes from their keyboard. The hackers could also upload or download files, according […]

At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns

Critical vulnerabilities in Microsoft software have turned into a feeding frenzy for state-linked hackers. At least 10 such hacking groups have exploited the flaws in the Exchange Server email program in recent days in operations around the world, anti-virus firm ESET said Wednesday. Many of the groups have well-documented links to China. The surge in hacking suggests multiple sets of espionage groups had access to the software exploit before Microsoft released fixes for it on March 2. It also compounds the challenges facing incident responders who are rushing to deal with the breaches, and bracing for additional exploitation of the bugs by criminal hackers. “It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later,” ESET researchers wrote in a blog post Wednesday. The intrusions by advanced persistent threat […]

BEC scammer infects own device, giving researchers a front-row seat to operations

In some media portrayals, criminal and state-backed hackers are invariably depicted as cunning and sophisticated, gliding inexorably toward their latest data heist. Reality is murkier. These digital operatives are, of course, human and prone to mistakes that expose their activity. A North Korean man accused of hacking Sony Pictures Entertainment in 2014, for example, mixed his real identity with his alias in registering online accounts, making it easier for U.S. investigators to track him. The most recent example of bumbling digital behavior occurred when a scammer infected their own device, offering researchers a front-row seat to the attacker’s scheme and lessons in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at web security firm Sucuri, which made the discovery. The attacker was trying to carry […]

Ransomware hackers turn to virtual machine software to boost extortion schemes

Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating system. Now, though, crooks are increasingly applying that tactic to the “hypervisor” servers that organizations use to manage virtual machines as a way of maximizing their extortion schemes, security firm CrowdStrike said Friday. Ransomware hackers have targeted hospitals and schools throughout the pandemic, a security challenge that the Biden administration has vowed to address. Alejandro Mayorkas, the newly installed Homeland Security secretary, on Thursday called ransomware attacks on U.S. public and private organizations an “epidemic” while pledging more government resources to fight the problem. Breaching a hypervisor is an efficient way for the scammers to encrypt all of the virtual machines running on that system without having to individually infect each machine. The goal is to up the pressure on big […]

New hacking tool targeting Bangladesh Android users blurs lines between spying and stealing

In one of his regular sweeps for new malicious software targeting Android phones, security researcher Vitor Ventura came across what looked like a run-of-the-mill hacking tool. Like so many pieces of code before it, the malware was capable of stealing information from a mobile device and sending it back to a command and control server. But when Ventura dug deeper, he found that the remote access trojan (or RAT, as the tool is commonly known) was capable of surreptitiously recording conversations and taking screenshots. Spying, rather than immediately making money off of the illicit access, was the apparent goal. On Tuesday, Ventura and his colleagues at Talos, Cisco’s threat intelligence unit, publicly connected the new Android tool to the malware developers behind a multi-year effort to spy on people from South America to Bangladesh. Much about the people behind the hacking campaign is a mystery. Ventura and his colleagues […]