Data breach at Amnesty International Canada linked to China.
Third-party incidents in New Zealand and Belgium.
Rackspace works to remediate a ransomware incident.
This week's activities in cyber gangland.

Mobile security firm Zimperium has discovered an Android threat, the Schoolyard Bully Trojan. The Trojan has been active since 2018 and primarily targets Vietnamese readers. The Trojan has the ability to steal credentials from the Facebook accounts of victims, including email, phone number, password, ID, and name. For more on Schoolyard Bully, see CyberWire Pro.

Bitdefender has published a report describing a Chinese cyberespionage operation targeting telecom providers in the Middle East. The threat actor gained initial access by exploiting the ProxyShell vulnerability in Microsoft Exchange Server. After gaining access, the threat actor deployed multiple tools to establish persistence, move laterally, and escalate privileges. These included the Irafau and Quarian backdoors and the Pinkman Agent. Bitdefender suspects BackdoorDiplomacy, a China-linked APT discovered last year by researchers at ESET. ESET noted that the group primarily targets Ministries of Foreign Affairs in the Middle East and Africa, and less frequently, telecommunication companies. Bitdefender attributes this campaign to BackdoorDiplomacy based on the domains used for command-and-control. For more on BackdoorDiplomacy, see CyberWire Pro.

Secureworks Counter Threat Unit researchers investigated the Drokbk malware, found to be operated by a subgroup of Iran’s government-sponsored COBALT MIRAGE threat group, known as Cluster B. The malware uses GitHub as a dead drop resolver to locate its command and control (C2) infrastructure. GitHub allows these threat actors to fly under the radar more easily. “The use of Github as a virtual dead drop helps the malware blend in,” says Secureworks’ Principal Researcher and thematic lead for research focused on Iran, Rafe Pilling, in a media release. “All the traffic to Github is encrypted, meaning defensive technologies can’t see what is being passed back and forth. And because Github is a legitimate service, it raises fewer questions.” This technique is also interesting, as it is unusual for Iranian malware, and represents a departure from past Iranian practice. For more on Cobalt Mirage's recent campaign, see CyberWire Pro.

Researchers at Google's Threat Analysis Group report that North Korean threat actor APT37 exploited a zero-day vulnerability in Microsoft Internet Explorer in a phishing campaign against South Korean targets. "On October 31, 2022, multiple submitters from South Korea reported new malware to us by uploading a Microsoft Office document to VirusTotal," Google writes. "The document, titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, references the tragic incident in the neighborhood of Itaewon, in Seoul, South Korea during Halloween celebrations on October 29, 2022. This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident." Microsoft was quick to patch the issue after Google reported it.