Tag: Cyber Security
-
Lemon Group’s Cybercrime Enterprise Leverages Millions of Pre-Infected Android Phones
The Lemon Group, a large cybercrime enterprise, has installed “Guerilla” malware on approximately 9 million Android-based devices, including smartphones, watches, TVs, and TV boxes. Techniques such as reflashing and silent installation have become prevalent in the past decade. Reflashing involves reprogramming or replacing the firmware of a device, allowing for modifications, firmware updates, or the…
-
UNC3944 Exploits Azure Serial Console for Complete VM Takeover
A threat group known as UNC3944 (also known as Roasted 0ktapus and Scattered Spider) has been observed hijacking Microsoft Azure admin accounts through phishing and SIM-swapping attacks. The financially motivated group bypasses traditional detection methods within Azure and gains full administrative access to compromised virtual machines (VMs) within victim organizations using Microsoft’s cloud computing service.…
-
Babuk Ransomware-as-a-Service (RaaS) Gaining Popularity
In early 2021, the Babuk ransomware operation emerged, targeting businesses through double-extortion attacks. Multiple large enterprises were attacked, with one victim having to pay $85,000 after negotiations. However, the group faced a setback when their ransomware source code and various encryptors and decryptors were leaked on a Russian-speaking hacking forum in September 2021. Their activities…
-
New “Greatness” Phishing-as-a-Service Tool Already Active in Phishing Campaigns
A new phishing tool called “Greatness” has been discovered and deployed in various phishing campaigns since mid-2022. Security researchers identified several features commonly found in advanced phishing-as-a-service (PaaS) offerings like multi-factor authentication (MFA) bypass, IP filtering, and integration with Telegram bots. Greatness specifically targets victims through Microsoft 365 phishing pages and provides affiliates with an…
-
Sophisticated Techniques Implemented by ViperSoftX InfoStealer to Evade Detection
A widespread cryptocurrency- and information-stealing malware called ViperSoftX has affected numerous victims across consumer and enterprise sectors throughout Australia, Japan, the U.S., and India. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) that allows remote access and control over infected machines. This evasive malware has recently adopted advanced encryption and anti-analysis techniques to avoid detection.…
-
San Bernardino County Pays Over $1M in Ransomware Attack
According to the San Bernardino Sun, San Bernardino County in California paid a ransom of $1.1 million to a hacker who had compromised the computer system of the county’s sheriff department. However, the county’s financial losses were partially mitigated by an insurance policy specifically designed to cover events of this nature, resulting in a payout…
-
Enterprise Networks Under Attack by New Malware Toolkit ‘Decoy Dog’
Cybersecurity researchers have discovered a new malware toolkit named Decoy Dog after analyzing over 70 billion DNS records. Decoy Dog is a sophisticated toolkit that uses techniques like domain aging, when a domain is registered but not used for some time, and DNS query dribbling to evade detection. While the malware’s usage in the wild…
-
BellaCiao Malware Linked to APT Charming Kitten
DefendEdge Cyber Threat Intelligence. Michael Spoloric, Analyst. The discovery of the BellaCiao malware has once again highlighted the persistent threat posed by state-sponsored hacking groups. Charming Kitten, the group believed to be behind the malware, has a history of targeting organizations and individuals in various regions of the world, including the United States, Europe, the Middle…