Chinese-linked hackers targeted U.S. state legislature, researchers say

Researchers with Symantec said the group, which the company has tracked for years, has recently targeted government networks in the U.S. and the Middle East.

The post Chinese-linked hackers targeted U.S. state legislature, researchers say appeared first on CyberScoop.


To encrypt or to destroy? Ransomware affiliates plan to try the latter

Ransomware gangs are planning to try out a new tactic, and it involves destroying the victims' data rather than encrypting it. Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltra…

Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks

A coalition of cybersecurity and technology leaders announced an open-source effort to break down the data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project, revealed at Black Hat USA 2022, will help organizations det…

‘Most advanced’ China-linked backdoor ever, Daxin, raises alarms for cyber-espionage investigators

A backdoor in use as recently as November 2021 is the “most advanced piece of malware” ever seen from China-linked spies, according to researchers at Symantec. The cybersecurity company said Monday that the backdoor, dubbed Daxin, is part of “a long-running espionage campaign against select governments and other critical infrastructure targets,” most of them of strategic interest to China. The malware “appears to be optimized for use against hardened targets, allowing the attackers to burrow deep into a target’s network and exfiltrate data without raising suspicions,” the researchers said. “This isn’t really comparable to any other strains of China-linked malware in our opinion. It’s on another level,” Dick O’Brien, principal editor for the Symantec Threat Intelligence Team, told CyberScoop. “It would be near the same level as malware we’ve seen attributed to Western powers, but maybe not as well put together.” Symantec, part of Broadcom Software, said it worked […]

The post ‘Most advanced’ China-linked backdoor ever, Daxin, raises alarms for cyber-espionage investigators appeared first on CyberScoop.


Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink

This Thursday morning, Russia started its invasion of Ukraine and, as predicted, the attacks in the physical world have been preceded and accompanied by cyber attacks: renewed DDoS attacks have been launched against the websites of Ukrainian government agenci…

Another round of ‘wiper’ malware appears in Ukrainian networks

Security researchers detected new destructive malware spreading in Ukraine on Wednesday, following evidence of distributed denial-of-service disruptions at government agencies — both of which overlapped with the beginnings of a Russian invasion. ESET said the data-wiping malware was “installed on hundreds of machines in the country,” and there were signs that the attackers had been preparing for almost two months. Silas Cutler, principal reverse engineer and resident hacker at Stairwell, said that the wiper damages a system’s master boot record, the first sector of the disk that tells a machine how to start up. That’s similar to the malware known as WhisperGate that was used in an attack in Ukraine in January. Symantec, too, observed the wiper in action, and confirmed to CyberScoop that it has seen it in Latvia as well. Juan-Andres Guerrero-Saade, principal threat researcher at SentinelOne, said the wiper appeared to be more dangerous than the malware uncovered in January. None of the researchers […]

The post Another round of ‘wiper’ malware appears in Ukrainian networks appeared first on CyberScoop.
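A responder handed a machine that no longer boots usually starts by looking at that first sector. The script below is an added triage example, not code from the article or from any of the quoted researchers: it reads a 512-byte sector, checks the 0x55AA boot signature and the four 16-byte partition entries at offset 446, and reports whether the MBR looks intact, has been zeroed, or is otherwise corrupt. The two sector images it checks are constructed inline for the example rather than captured from an infected host. It does not cover the GPT header that sits in the sectors after a protective MBR, so on a GPT disk a clean result here only means the first sector survived.

```python
"""Triage check for an MBR that a wiper may have overwritten.

Added example (not from the CyberScoop article). The sample sectors below are
constructed here for illustration, not captured from a real machine.
"""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510-511 of a valid MBR
PARTITION_TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition entry (status, type, LBA start, length)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def triage_mbr(sector: bytes) -> dict:
    """Classify a 512-byte sector as an intact MBR, a zeroed MBR, or corrupt."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    has_signature = sector[510:512] == BOOT_SIGNATURE
    table = sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 4 * PARTITION_ENTRY_SIZE]
    partitions = [
        parse_partition_entry(table[i:i + PARTITION_ENTRY_SIZE])
        for i in range(0, len(table), PARTITION_ENTRY_SIZE)
    ]
    # Unused entries are all zero; a real partition has a type and a length.
    used = [p for p in partitions if p["type"] != 0 and p["sectors"] != 0]
    boot_code_empty = not any(sector[:PARTITION_TABLE_OFFSET])
    if has_signature and used:
        verdict = "intact"
    elif not any(sector):
        verdict = "zeroed"      # every byte is zero: the whole sector was overwritten
    else:
        verdict = "corrupt"     # signature missing or partition table unusable
    return {
        "verdict": verdict,
        "boot_signature": has_signature,
        "boot_code_empty": boot_code_empty,
        "partitions": used,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (PARTITION_TABLE_OFFSET - 5)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * (3 * PARTITION_ENTRY_SIZE)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Healthy sector versus the same disk after the first sector was zeroed.
    for label, sector in (("healthy", build_sample_mbr()), ("wiped", bytes(SECTOR_SIZE))):
        report = triage_mbr(sector)
        print(f"{label}: {report['verdict']}, "
              f"signature={report['boot_signature']}, "
              f"partitions={[p['lba_start'] for p in report['partitions']]}")
```

On a live system the sector comes from the raw device (for example `open('/dev/sda', 'rb').read(512)` on Linux, run as root) or from the start of a forensic image; the verdict only says whether the sector is still a plausible MBR, not whether the boot code in it is the original one, so compare the first 446 bytes against a known-good copy when one is available.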


Researchers detail Russia-linked group’s cyber-espionage tactics in Ukraine

Researchers at Symantec say they have identified some of the specific tactics used by a Russia-linked hacking operation that Ukraine’s government outed in November of last year. The cyber-espionage group, commonly labeled Gamaredon or Armageddon, is known for using phishing emails to try to install remote access tools on victims’ computers, with the goal of exfiltrating data. Symantec’s Threat Hunter Team published a blog post Monday explaining how the spies used malicious Microsoft Word attachments in mid-2021 to implant backdoor files that allowed the delivery of more malware. The researchers don’t specify who was targeted in their case study. The goal is to highlight the tactics, techniques and procedures (TTPs) in question, especially if the Russia-Ukraine conflict boils over in the coming weeks, they say. “We do not expect to see reemergence of these TTPs until just prior or during active conflict,” the team told CyberScoop. As tensions between […]

The post Researchers detail Russia-linked group’s cyber-espionage tactics in Ukraine appeared first on CyberScoop.


DTEX Systems provides insider threat intelligence and investigation services with DTEX I3 research team

DTEX Systems launched DTEX Insider Intelligence and Investigations (DTEX I3), an expanded investigations and research division focused on delivering insider threat behavioral studies, intelligence packages and forensic investigations. DTEX I3 brings to…