Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware

The hack-for-hire business is thriving. Following the revelation in November that a new mercenary group had targeted organizations in South Asia, researchers on Thursday outlined how another suspected hack-for-hire shop has used malicious code to try to breach organizations in Europe and the Americas. It’s the latest innovation in a bustling market for buying access to government and corporate networks in a range of industries. The new code, uncovered by analysts at security firm Kaspersky, can be used to remotely take over victim devices, and it interacts with the attackers via a communications-concealing protocol. The group responsible for the malware, known theatrically as DeathStalker, has been around for at least eight years but has only drawn public scrutiny in recent months, according to Kaspersky. And researchers have more digging to do. “PowerPepper,” as the new malware is known, “is already the fourth malware strain affiliated with the actor, and we have discovered […]

The post Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware appeared first on CyberScoop.


Think-Tanks Under Attack by Foreign APTs, CISA Warns

The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.

Hacker-for-hire group targeting South Asian organizations, research says

There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries around the globe, according to BlackBerry research published Thursday. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore, according to BlackBerry. Some of its targeting has also been located in Africa, the Americas, Australia and Europe, including in Austria, the Bahamas, France, Mozambique, the Netherlands and Portugal, the researchers write in a blog on the group. It isn’t exactly clear who the hackers-for-hire are, but given that their targets tend to be focused in South Asia, BlackBerry researchers suggest they may be based in that region. The disparate targeting and characteristics of their toolset suggest they are working on behalf of clients, BlackBerry researchers write. CostaRicto targets victims with a custom backdoor that appeared last October, but has […]

The post Hacker-for-hire group targeting South Asian organizations, research says appeared first on CyberScoop.


Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of the upcoming Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research. The Iranian attackers, known as Phosphorus, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively. In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust, announced in a blog published Wednesday morning. “We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape […]

The post Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says appeared first on CyberScoop.


Five Cloud Security Considerations for CISOs

Discover How You Can Protect Users and the Organization in Today’s New Normal
The past six months have been a whirlwind of change. Security teams across the world have scrambled to empower distributed users with the tools and information they need…

Feds Sound Alarm Over Emotet Attacks on State, Local Govs

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.

OldGremlin Ransomware Group Bedevils Russian Orgs

The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March.

A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them ransom for about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators. “What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or […]

The post A new ransomware gang is aiming at big Russian targets, researchers say appeared first on CyberScoop.


Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.