Nov 07, 2023NewsroomVulnerability / Malware The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also […]
The Russian-linked Turla hacking group has been observed using a new version of Kazuar backdoor to expand its attacks. The new findings come from Palo Alto Networks Unit 42, which has been tracking the adversary under the name Pensive Ursa. According to researchers, the malware has been spotted in the wild after years of hiatus […]
Summary In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver a malware named DarkGate. DarkGate (also known as MehCrypter) is a malware that was first reported by enSilo (now Fortinet) in 2018 and […]
Oct 30, 2023NewsroomCyber War / Malware A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. “This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to […]
Oct 31, 2023NewsroomMalvertising / Threat Intelligence A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. “Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible […]
Oct 30, 2023NewsroomCyber War / Malware A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. “This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to […]
Oct 30, 2023NewsroomMalware / Endpoint Security A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. “MSIX is a Windows app package format that developers can leverage to […]
Oct 30, 2023NewsroomMalware / Endpoint Security A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. “MSIX is a Windows app package format that developers can leverage to […]
By Cluster25 Threat Intel TeamOctober 25, 2023 Cluster25 observed a malicious campaign that employs LinkedIn messages as a vector for executing identity theft attacks. In this campaign, compromised LinkedIn accounts are utilized to send messages to users with the aim of compromising their accounts by illicitly procuring their cookies, session data, and browser credentials. The […]