ALERTS HACKING


HOME  APT  BOTNET  CAMPAIGN  CRIME  CRYPTOCURRENCY  EXPLOIT  HACKING  GROUP  OPERATION  PHISHING  RANSOM  SPAM  VIRUS  VULNEREBILITY 


DATE

NAME

CATEGORY

SUBCATE

INFO

27.9.24

Twelve attack group aims to destroyALERTSHACKINGEstablished in 2023 in response to the Russian-Ukrainian conflict, the attack group known as Twelve has been observed targeting Russian government organizations. The group's tactics include file encryption via ransomware, file/system deletion via wipers, and exfiltration of sensitive data among others. Based on the analysis provided in a recently published report, the goal of the group is focused on destruction rather than financial gain.

27.9.24

New KLogExe and FPSpyALERTSHACKINGNew keylogger malware KLogExe and backdoor variant FPSpy have been used by Sparkling Pisces (aka Kimsuky, THALLIUM, Velvet Chollima) threat group. This APT group is known for its sophisticated cyber-espionage operations and advanced spear phishing attacks. Sparkling Pisces lure victims into downloading and executing malicious payloads. This includes the use of new and undocumented malware.

16.8.24

Discovery of tools and batch scripts targeting Windows and Linux systems

ALERTS

HACKINGAccording to a recent DFIR report, a range of threat actor tools has been found that can bypass security defenses like Windows Defender and Malwarebytes, delete backups, and disable systems. Among the discovered tools were Ngrok for proxy services and SystemBC, along with two well-known command-and-control frameworks: Sliver and PoshC2. The most recent activity was detected in August 2024.

10.7.24

Protection Highlight: Recent Sideloading AttacksALERTSHACKINGIn this bulletin however we'll talk about sideloading as it relates to the cybersecurity field. MITRE defines sideloading attacks in T1574.002 as a type of (search order) Hijack Execution Flow, which exploits the way Windows applications load DLLs.

3.7.24

Apple IDs Targeted in US Smishing CampaignALERTSHACKINGPhishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally,

23.5.24

Waltuhium GrabberALERTSHACKINGWaltuhium is an open-source infostealer that has been observed being shared in dark web forums. It is claimed to have features such as keylogging, screenshot capturing, WiFi stealing, Discord injection, password stealing, credit card stealing, cryptocurrency and wallet stealing, as well as tokens from Discord and browsers, and session stealing. Additionally, it has anti-VM and anti-debug functionality. The stolen data is zipped and posted to a defined Discord webhook server.
11.4.24Metasploit Meterpreter observed in attacks targeting vulnerable Redis serversALERTSHACKINGMeterpreter is an advanced Metasploit attack payload leveraged in penetration testing that uses in-memory DLL injection stagers. The tool has been known to be exploited by various threat actors for a long while now. In a recently reported campaign, Meterpreter has been observed being deployed to vulnerable or misconfigured Redis servers. The attackers have also been using a privilege escalation tool called PrintSpoofer. Meterpreter deployment to vulnerable servers is an initial attack step that might lead to deployment of further arbitrary payloads such as cryptominers or ransomware.
5.4.24YouTube Hijacking: Rise in Attack Campaigns Distributing InfostealersALERTSHACKINGAn increase in attack campaigns utilizing YouTube has been observed, with threat actors hijacking existing popular YouTube accounts to distribute Vidar and LummaC2 Infostealer malwares. Users are lured with videos purporting to offer cracked versions of everyday programs like Adobe. Links provided in the comments section lead to malicious packages uploaded to MediaFire. Consequently, users unwittingly become infected by downloading and executing malicious code instead of the desired program.