by Paul Ducklin. Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make the same source code change on two separate occasions: . . .
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign. More information has come to light about the Sunburst backdoor that could help defenders get a better handle on the scope of the . . .
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors.
Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the group’s latest effort against military and government targets. The SideWinder advanced persistent threat (APT) group has mounted a fresh phishing and malware initiative, using recent territory disputes between China, India, Nepal and Pakistan as lures. The goal . . .
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. The DeathStalker advanced persistent threat (APT) group has a hot new weapon: a highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal . . .
In a recent cyberattack against an E.U. country’s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.
The new backdoor comes with multiple payloads and new detection evasion tactics. A macOS backdoor variant has been uncovered that relies on multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat (APT) group. The Vietnam-backed OceanLotus (also known as APT 32) has been . . .
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.