Tag : backdoor

28 attack reports | 0 vulnerabilities

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
|---|---|---|---|---|
| Targeted Iranian Attacks Against Iraqi Government Infrastructure | Sept. 12, 2024, 8:21 a.m. | | Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and… | 16 |
| Loki: a new private agent for the popular Mythic framework | Sept. 9, 2024, 9:22 a.m. | | Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed … | 7 |
| Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Sept. 3, 2024, 8:02 a.m. | | A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least f… | 46 |
| Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations | Aug. 30, 2024, 5:46 p.m. | | Between April and July 2024, Iranian state-sponsored threat actor Peach Sandstorm deployed a new custom multi-stage backdoor call… | 9 |
| HZ Rat backdoor for macOS harvests data from WeChat and DingTalk | Aug. 27, 2024, 3:12 p.m. | | A version of the HZ Rat backdoor targeting users of China's WeChat and DingTalk was uploaded to VirusTotal in July 2023 and was n… | 10 |
| A Dive into Latest Campaign | Aug. 9, 2024, 8:15 p.m. | | Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle … | 30 |
| Hackers Leveraging OneDrive Or Google Drive To Hide Malicious Traffic | Aug. 7, 2024, 4:11 p.m. | | Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Dr… | 20 |
| Fighting Ursa Luring Targets With Car for Sale | Aug. 5, 2024, 8:30 a.m. | | This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofa… | 6 |
| BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor | Aug. 2, 2024, 9:57 a.m. | | Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service … | 8 |
| Patch or Peril: A Veeam vulnerability incident | July 12, 2024, 5:31 p.m. | | While the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam for versions 12/11a and la… | 2 |
| MoonWalk | July 12, 2024, 4:11 p.m. | | This blog post examines MoonWalk, a new backdoor employed by APT41, a China-based threat actor known for campaigns in Southeast A… | 3 |
| Turla: A Master of Deception | July 8, 2024, 10:45 a.m. | | This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. T… | 10 |
| Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692) | July 3, 2024, 11:39 a.m. | | A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute mal… | 14 |
| Appearance of Kimsuky group's new backdoor (HappyDoor) | July 1, 2024, 10:37 a.m. | | Asec Ahnlab analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attac… | 16 |
| Malicious npm package targets AWS users | June 27, 2024, 7:58 a.m. | | ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked … | 3 |
| North Korean based backdoor packs a punch | June 21, 2024, 6:47 a.m. | | This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previous… | 20 |
| Sustained Campaign Using Chinese Espionage Tools Targets Telcos | June 20, 2024, 4:46 p.m. | | Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country… | 47 |
| Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | June 19, 2024, 11:37 a.m. | | Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows … | 46 |
| SolarMarker Impersonates Job Employment Website | June 18, 2024, 9:45 p.m. | | In April 2024, Cyber Analysts responded to a SolarMarker infection event. The infection occurred through a drive-by download when… | 6 |
| Dipping into Danger: The WARMCOOKIE backdoor | June 12, 2024, 10:41 a.m. | | Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… | 6 |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment | June 10, 2024, 11:03 a.m. | | This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial a… | 33 |
| Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor | June 6, 2024, 12:27 p.m. | | Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module… | 11 |
| Wineloader - Analysis of the Infection Chain | June 6, 2024, 8:13 a.m. | | The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools… | 9 |
| CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | May 24, 2024, 1:29 p.m. | | Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowin… | 10 |
| Springtail: New Linux Backdoor Added to Toolkit | May 16, 2024, 4:46 p.m. | | Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage… | 20 |
| To the Moon and back(doors): Lunar landing in diplomatic missions | May 16, 2024, 9:35 a.m. | | ESET researchers discovered two previously unknown backdoors, LunarWeb and LunarMail, compromising a European ministry of forei… | 12 |
| LNK File Disguised as Certificate Distributing RokRAT Malware | May 7, 2024, 8:32 a.m. | | This analysis delves into the continuous distribution of malicious shortcut files (*.LNK) targeting South Korean users, particula… | 4 |
| Playing Possum: What's the Backdoor Up To? | May 3, 2024, 10:47 a.m. | | This report analyzes the Wpeeper backdoor targeting Android systems. Wpeeper utilizes compromised WordPress sites as relay C2 ser… | 98 |