A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them ransom for about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators. “What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or […]

The post A new ransomware gang is aiming at big Russian targets, researchers say appeared first on CyberScoop.

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday’s CISA advisory is a stark reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

A financially-motivated attack group is getting better at using this banking trojan

Threat actors using a common banking trojan are improving the ways they get it on victims’ systems, according to new research from Juniper Networks’ threat research team. In recent months the operators have been working to evade detection by using password protected attachments and keyword obfuscation in their trojanized documents, according to Juniper Threat Labs. And in the last month, the hackers have gone a step further and begun using a malicious DLL file to run a second-stage attack that ultimately delivers IcedID, a banking trojan, says Juniper security researcher Paul Kimayong. “This time, they also use a DLL for the second-stage downloader, which shows a new maturity level of this threat actor,” Kimayong says in a blog on the matter. IcedID, which IBM X-Force researchers discovered in 2017, has been used in a variety of financially-motivated attacks targeting banks, payment card providers, payroll, and e-commerce sites. The attackers have […]

Twitter: Epic Account Hack Caused by Mobile Spearphishing

Hackers “mislead certain employees” to gain access to internal tools, take over high-profile accounts and push out a Bitcoin scam.

Hackers are still running coronavirus-related campaigns, CrowdStrike warns

Although many municipalities around the world have begun to ease up on stay-at-home orders, hackers are still running spearphishing and disinformation campaigns that take advantage of the pandemic. Adam Meyers, CrowdStrike’s Vice President of Intelligence, says nation-state and criminal spearphishing campaigns that leverage COVID-19 themed lures are still on the rise. “We’ve been seeing an increase of … behavior of social engineering where they’re impersonating things like the WHO, CDC, HHS, hospitals, healthcare [entities], and even insurance companies to entice people to click links or to click on phishing [and] open files,” Meyers said Wednesday while speaking at CrowdStrike’s virtual Fal.Con for Public Sector conference, produced by FedScoop and CyberScoop. “This is an increasing problem and it demonstrates that the threat actors have found an unprecedented level of awareness around COVID-19…and they’re taking advantage of that and they’re capitalizing on it.” Hackers working for China, Russia, Iran, North Korea, Pakistan, […]

‘Vendetta’ hackers are posing as Taiwan’s CDC in data-theft campaign

A mysterious hacking group has been posing as Taiwan’s top infectious-disease official in an attempt to steal sensitive data from Taiwanese users, researchers said Monday. The hackers sent meticulously written spearphishing emails to a select group of targets, which may have included Taiwan’s Centers for Disease Control employees, according to ElevenPaths, the cybersecurity unit of Spanish telecommunications firm Telefónica Group, which uncovered the activity. It’s a reminder of the lengths to which hacking groups have gone to impersonate public health authorities and break into computer networks during the COVID-19 pandemic. Over the course of a week in early May, the hackers sent emails to certain Taiwanese users urging them to get novel coronavirus tests. Attached to the email was a remote hacking tool capable of stealing login credentials and hijacking webcams. “The type of tools and the targets selected indicate that they are looking for intelligence, mainly governmental,” Miguel Ángel […]

Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools

A Russian-speaking espionage group has been using new email hacking tools in a multi-month campaign intended to infiltrate unidentified government organizations, according to new research. The group, known as Gamaredon, has spent the last six months inundating the organizations with spearphishing emails and not bothering to cover its tracks, the Slovak anti-virus company ESET said Thursday. The researchers declined to name the government targeted. But historically, Gamaredon is one of multiple Russia-linked groups that have spied on Ukrainian government and corporate officials, and it is one of the more conspicuous ones. “They make no effort to stay under the radar,” Jean-Ian Boutin, ESET’s head of threat research, told CyberScoop. “One hypothesis is that they are doing that to create a state of constant dread in their targets.” One of the hacking tools uses a victim’s Microsoft Outlook account to send spearphishing messages to people in their contact address book. Another tool injects malicious code into Microsoft Office documents. The […]

Google: Biden and Trump campaigns targeted by separate spearphishing campaigns

Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden’s and President Donald Trump’s campaigns, respectively, according to a researcher with Google’s Threat Analysis Group. Chinese government-linked hackers have been targeting Biden’s staffers, whereas Iranian government-linked hackers have been targeting Trump’s campaign, according to Shane Huntley, the Director of Google’s Threat Analysis Group. There is no evidence that the hacking attempts have resulted in compromises, Huntley said. This is just the latest warning from security researchers and the U.S. intelligence community that foreign government-backed hackers are interested in targeting various U.S. presidential campaigns during the 2020 election cycle, in what is turning out to be a tumultuous year for American citizens amid economic turmoil, the coronavirus pandemic, and mass protests about racism. “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for […]