Cyber Security Advisories
North Korean Linked MISTPEN Malware
Security Advisory -
VectorStealer Malware
Security Advisory -
Snake Implant Malware
Cicada3301: A Cross-Platform
Rust-Based Ransomware
Neutralizing Russian
Military Cyber Threats
Security Advisory -
VectorStealer Malware
Security Advisory -
Snake Implant Malware
Cicada3301: A Cross-Platform
Rust-Based Ransomware
CrowdStrike
Fallout
CyberStash Security Advisory -
Lockbit 3.0 Ransomware
Cuttlefish
Malware
Deadglyph
Malware
In a recent cyber espionage incident targeting the Middle Eastern Government entities, a newly emerged and highly sophisticated backdoor malware called ‘Deadglyph’ made its ominous debut.
The Deadglyph malware is designed with interchangeable parts, known as modules. These modules are like specialized tools that it can download from a central control center (C2). Each tool, or module, comes with specific instructions called shellcodes that the malware follows to carry out different tasks.
This modular approach gives threat actors the flexibility to create new tools whenever they need them. It’s like having a toolbox with the ability to craft custom tools for specific targets. These custom tools can then be sent to victims to carry out additional harmful actions.
Deep
Gosu
DEEP#GOSU Malware represents a highly sophisticated and elaborate cyber threat campaign observed recently, leveraging PowerShell and VBScript malware to compromise Windows systems. DEEP#GOSU malware is highly advanced and operates stealthily on Windows systems, especially when it comes to monitoring network activity.
Its abilities encompassed keylogging, monitoring clipboard activities, executing dynamic payloads, exfiltrating data, and maintaining persistence. This was achieved through a combination of Remote Access Trojan (RAT) software for complete remote control, scheduled tasks, and self-executing PowerShell scripts utilizing jobs.
Security Advisory -
DragonSpark
Exploiting
The regreSSHion Vulnerability
Emojis
Powered Malware Operations
3CX
Desktop App Report
BellaCiao
IRGC
An Iranian state-sponsored hacking group known as APT35/APT42 or Mint Sandstorm has been identified as deploying a new strain of malware named BellaCiao, which has targeted victims in various countries, including the U.S., Europe, India, Turkey, and others. The campaign aims to exploit vulnerabilities in Microsoft Exchange servers to gain unauthorized access and deploy malicious payloads for espionage, data theft, and potentially ransomware attacks.
BellaCiao is a dropper malware designed to deliver additional malicious payloads to compromised devices based on instructions from the threat actors. Its primary objective is to establish persistence and maintain stealth while awaiting further instructions. The malware is customized for each victim (including hardcoded information such as company name, specially crafted subdomains, or associated public IP address) ensuring tailored implants and evading detection mechanisms.
BiBi
Wiper Malware
In a recent surge of cyber threats, Israeli computers are increasingly facing data-wiping attacks perpetrated by variants of the BiBi malware family. Researchers have identified these destructive elements affecting both Linux and Windows systems. The attacks are part of a broader cyber offensive targeting various sectors in Israel, notably in education and technology.
The Security Joes’ Incident Response team recently uncovered ‘BiBi-Linux,’ a malware strain designed for irreversible data corruption and operational disruption. Following this discovery, ESET researchers confirmed on October 31,2023 that a Windows variant of the same malware, linked to a hacktivist group named BiBiGun, was identified. This group is associated with Hamas, indicating a coordinated effort in deploying the malware for potential cyber-attacks and disruptions.