HackDig : Dig high-quality web security articles for hackers

SolarWinds Attack: Microsoft sheds light on Solorigate second-stage activation

Microsoft’s report provides details of the entire SolarWinds attack chain, with a deep dive into the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack. The new analysis sheds light on the handover from the Solorigate DLL backdoor to the Cobalt Strike loa
Published at: 2021-01-21 08:12 | Read: 167 | Comments: 0 | Tags: APT Breaking News Hacking Malware backdoor hacking news info

Raindrop, a fourth malware employed in SolarWinds attacks

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware
Published at: 2021-01-19 19:50 | Read: 108 | Comments: 0 | Tags: Breaking News Hacking Malware backdoor hacking news informat

Winnti APT continues to target game developers in Russia and abroad

A Chinese threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. Experts attribute the attacks to the China-linked Winnt
Published at: 2021-01-15 11:48 | Read: 102 | Comments: 0 | Tags: APT Cyber warfare Intelligence Malware APT41 backdoor China

Connecting the dots between SolarWinds and Russia-linked Turla APT

Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage camp
Published at: 2021-01-11 18:06 | Read: 189 | Comments: 0 | Tags: APT Breaking News Cyber warfare Malware backdoor Hacking hac

Sunburst backdoor – code overlaps with Kazuar

Introduction. On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to
Published at: 2021-01-11 06:10 | Read: 184 | Comments: 0 | Tags: APT reports APT Backdoor Malware Descriptions Malware Techno

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices by exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded, undocumented secret account. The vulnerability received a
Published at: 2021-01-06 09:24 | Read: 208 | Comments: 0 | Tags: Breaking News Hacking backdoor CVE-2020-29583 hacking news i

North Korea-linked Lazarus APT targets the COVID-19 research

The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members
Published at: 2020-12-25 15:20 | Read: 327 | Comments: 0 | Tags: APT Breaking News Malware backdoor coronavirus COVID-19 Hack

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. While tracking the Lazarus group’s continuous campaigns targ
Published at: 2020-12-23 07:00 | Read: 190 | Comments: 0 | Tags: APT reports Backdoor Lazarus Malware Descriptions Malware Te

Researchers shared the lists of victims of SolarWinds hack

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from mu
Published at: 2020-12-22 18:24 | Read: 187 | Comments: 0 | Tags: Breaking News Hacking Malware backdoor hacking news informat

SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several
Published at: 2020-12-21 15:06 | Read: 202 | Comments: 0 | Tags: APT Breaking News Hacking Malware backdoor hacking news info

Sunburst: connecting the dots in the DNS requests

On December 13, 2020, FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo, planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the past days checking our
Published at: 2020-12-18 10:00 | Read: 294 | Comments: 0 | Tags: APT reports Incidents Backdoor Malware Descriptions Malware

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in the SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds; the attackers had us
Published at: 2020-12-16 22:00 | Read: 238 | Comments: 0 | Tags: APT Breaking News Hacking Malware backdoor malware Solarigat

SolarWinds advanced cyberattack: What happened and what to do now

Over the weekend we learned more about the sophisticated attack that compromised security firm FireEye, the US Treasury and Commerce departments, and likely many more victims. Threat actors hacked into IT company SolarWinds in order to use its software update channel to push out malicious updates to 18,000 of its Orion platform customers. This scenario, referre
Published at: 2020-12-14 17:48 | Read: 264 | Comments: 0 | Tags: Threat analysis backdoor FireEye hacking solarwinds sunburst

[SANS ISC] Python Backdoor Talking to a C2 Through Ngrok

I published the following diary on isc.sans.edu: “Python Backdoor Talking to a C2 Through Ngrok”: I spotted a malicious Python script that implements a backdoor. The interesting behavior is the use of Ngrok to connect to the C2 server. Ngrok has been used for a while by attackers. Like most services available on the Internet, it has been abuse
Published at: 2020-12-10 11:49 | Read: 147 | Comments: 0 | Tags: Malware SANS Internet Storm Center Security Backdoor Ngrok P

Cyber mercenaries group DeathStalker uses a new backdoor

The group of cyber mercenaries tracked as DeathStalker has been using a new PowerShell backdoor in recent attacks. The cyber mercenaries group known as DeathStalker has been using a new PowerShell backdoor in recent attacks. DeathStalker is a hack-for-hire group discovered by Kaspersky; it has been targeting organizations worldwide, mainly law firms an
Published at: 2020-12-05 09:37 | Read: 347 | Comments: 0 | Tags: APT Breaking News Cyber Crime Hacking backdoor deathstalker
