May 5, 2024

North Korea hacking teams hack South Korea defence contractors – police

North Korean hacking groups have targeted defense contractors in South Korea, according to police reports. The attackers were identified through an analysis of source IP addresses, signal re-routing structures, and malware signatures. Authorities, in collaboration with national intelligence agencies and private sector experts, traced the hacks back to these groups. The hacking teams linked to North Korea’s intelligence apparatus and known […]
April 15, 2024

EPA critical infrastructure contacts stolen, attackers claim

JSOutProx malware targets financial customers by delivering fake SWIFT payment notifications to businesses and fake MoneyGram templates to civilians. The threat group, which researchers believe is linked to China, is currently targeting financial organizations in the Philippines, Laos, Singapore, Malaysia, India, and Saudi Arabia.
April 11, 2024

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

A number of cyberattacks have been observed targeting Linux systems in Asian campaigns through the use of the Pupy Remote Access Trojan (RAT). The Pupy RAT’s intricate capabilities, including remote command execution, information theft, keylogging, and its ability to evade detection, make it a valuable tool for cybercriminals seeking to compromise and infiltrate systems in the Asia region. In order to […]
March 14, 2024

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

AndroxGh0st is a Python-based malware designed to target Laravel applications. It scans and extracts critical information from .env files, revealing login details for AWS and Twilio. As an SMTP cracker, it exploits SMTP using various strategies, including credential exploitation, web shell deployment, and vulnerability scanning. The ability of the program to generate AWS suggests the possibility of brute force attacks. […]
March 14, 2024

DarkGate Malware Leveraged Newly Patched Microsoft Vulnerability in Zero-Day Exploit

An underground campaign called DarkGate was discovered by the Zero Day Initiative (ZDI) in mid-January 2024 that exploited CVE-2024-21412 by using fake software installers. As part of this campaign, users were lured by PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects, causing them to navigate to compromised websites that contained the malicious Microsoft Windows SmartScreen bypass CVE-2024-21412 […]
March 5, 2024

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks abusing an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated suspiciously by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be […]
February 29, 2024

A North Korean-linked APT group exploited a zero-day vulnerability in the Windows AppLocker driver (appid.sys) to gain kernel-level access to a target system

An APT group linked to North Korea is exploiting a zero-day vulnerability in the appid.sys AppLocker driver using an admin-to-kernel exploit. The zero-day, tracked as CVE-2024-21338, was addressed by Microsoft in February. The flaw CVE-2024-21338 resides within the IOCTL (Input and Output Control) dispatcher of the driver appid.sys. In the AppLocker application, this driver controls which apps and files […]
February 29, 2024

Black Basta ransomware attacks ZircoDATA company

ZircoDATA is the leading provider of secure document storage and records and information management (RIM) solutions, from information governance and digital conversion to storage, language services and secure shredding, since 1995. ZircoDATA has been attacked by the Black Basta group, which claims to have taken 395 GB of data, including financial documents, personal user folders, and confidentiality agreements. There are at least 46 passport scans and 12 […]
June 9, 2023

HWL Ebsworth declares it won’t meet ALPHV ransomware gang’s demands

On Friday, 9 June 2023, HWL Ebsworth, one of Australia’s largest law firms, confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. The ALPHV ransomware gang has published 1.45 terabytes of data containing over a million documents allegedly stolen from the law firm’s […]