HackDig : Dig high-quality web security articles for hackers

Winnti APT continues to target game developers in Russia and abroad

A Chinese threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. Experts attribute the attacks to the China-linked Winnt
Publish At:2021-01-15 11:48 | Read:77 | Comments:0 | Tags:APT Cyber warfare Intelligence Malware APT41 backdoor China

Connecting the dots between SolarWinds and Russia-linked Turla APT

Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage camp
Publish At:2021-01-11 18:06 | Read:121 | Comments:0 | Tags:APT Breaking News Cyber warfare Malware backdoor Hacking hac

Sunburst backdoor – code overlaps with Kazuar

Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to
Publish At:2021-01-11 06:10 | Read:176 | Comments:0 | Tags:APT reports APT Backdoor Malware Descriptions Malware Techno

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices by exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded, undocumented secret account. The vulnerability received a
Publish At:2021-01-06 09:24 | Read:197 | Comments:0 | Tags:Breaking News Hacking backdoor CVE-2020-29583 hacking news i

North Korea-linked Lazarus APT targets the COVID-19 research

The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members
Publish At:2020-12-25 15:20 | Read:249 | Comments:0 | Tags:APT Breaking News Malware backdoor coronavirus COVID-19 Hack

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. While tracking the Lazarus group’s continuous campaigns targ
Publish At:2020-12-23 07:00 | Read:173 | Comments:0 | Tags:APT reports Backdoor Lazarus Malware Descriptions Malware Te

Researchers shared the lists of victims of SolarWinds hack

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from mu
Publish At:2020-12-22 18:24 | Read:163 | Comments:0 | Tags:Breaking News Hacking Malware backdoor hacking news informat

SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several
Publish At:2020-12-21 15:06 | Read:195 | Comments:0 | Tags:APT Breaking News Hacking Malware backdoor hacking news info

Sunburst: connecting the dots in the DNS requests

On December 13, 2020, FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo, planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the past days checking our
Publish At:2020-12-18 10:00 | Read:270 | Comments:0 | Tags:APT reports Incidents Backdoor Malware Descriptions Malware

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds, the attackers had us
Publish At:2020-12-16 22:00 | Read:223 | Comments:0 | Tags:APT Breaking News Hacking Malware backdoor malware Solarigat

SolarWinds advanced cyberattack: What happened and what to do now

Over the weekend we learned more about the sophisticated attack that compromised security firm FireEye, the US Treasury and Commerce departments and likely many more victims. Threat actors hacked into IT company SolarWinds in order to use its software channel to push out malicious updates onto 18,000 of its Orion platform customers. This scenario, referre
Publish At:2020-12-14 17:48 | Read:208 | Comments:0 | Tags:Threat analysis backdoor FireEye hacking solarwinds sunburst

[SANS ISC] Python Backdoor Talking to a C2 Through Ngrok

I published the following diary on isc.sans.edu: “Python Backdoor Talking to a C2 Through Ngrok”: I spotted a malicious Python script that implements a backdoor. The interesting behavior is the use of Ngrok to connect to the C2 server. Ngrok has been used for a while by attackers. Like most services available on the Internet, it has been abuse
Publish At:2020-12-10 11:49 | Read:133 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Backdoor Ngrok P

Cyber mercenaries group DeathStalker uses a new backdoor

The group of cyber mercenaries tracked as DeathStalker has been using a new PowerShell backdoor in recent attacks. The cyber mercenaries group known as DeathStalker has been using a new PowerShell backdoor in recent attacks. DeathStalker is a hack-for-hire group discovered by Kaspersky; it has been targeting organizations worldwide, mainly law firms an
Publish At:2020-12-05 09:37 | Read:322 | Comments:0 | Tags:APT Breaking News Cyber Crime Hacking backdoor deathstalker

Operators behind Dark Caracal are still alive and operational

The Dark Caracal APT group has carried out a series of attacks against multiple sectors using a new variant of a 13-year-old backdoor Trojan. The Dark Caracal cyberespionage group is back: researchers from Check Point uncovered a new series of attacks against multiple industries. Dark Caracal is an APT group associated with the Lebanese General Dire
Publish At:2020-11-29 08:48 | Read:228 | Comments:0 | Tags:APT Breaking News Hacking Malware backdoor Dark Caracal. APT

IT threat evolution Q3 2020

Targeted attacks. MATA: Lazarus’s multi-platform targeted malware framework. The more sophisticated threat actors are continually developing their TTPs (Tactics, Techniques and Procedures) and the toolsets they use to compromise the systems of their targets. However, malicious toolsets used to target multiple platforms are rare, because they required sig
Publish At:2020-11-20 06:07 | Read:227 | Comments:0 | Tags:Featured Malware reports Backdoor Exploit Kits Malware Descr