Russian hackers have intensified attacks on the mobile devices of Ukrainian military personnel - State Special Communications Service research.

Russian hackers have increased the number of cyberattacks on the mobile devices of Ukrainian military personnel. In the second half of 2023, hackers associated with the GRU of the Russian Federation actively used messengers and social engineering to spread malware.

The analytical report "Russian Cyber Operations" H2 '2023, prepared in English by experts from the government's Computer Emergency Response Team of Ukraine (CERT-UA), is here: https://lnkd.in/d3YT-DNg

Key points in attacks on mobile devices:
▪️ Use of legitimate products as camouflage: hackers disguised spyware as installers of legitimate programs, such as the "Kropyva" situational awareness system.
▪️ Spread of malware through Signal and Telegram: criminals used these messengers to distribute malicious files, disguising them as cybersecurity instructions from CERT-UA.
▪️ Swift reaction and adaptation: hackers quickly responded to new defense methods and developed new attack vectors.
▪️ Targeting Windows software: most messenger-based attacks aimed to spread malware for Windows, as many military personnel use computer versions of messengers.
▪️ Use of bait files: criminals distributed malware in the form of zip or rar archives, disguising them as certificate updates for the Delta situational awareness complex.
Raisa Fedorovska’s Post
More Relevant Posts
Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files: Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities. These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities.

Attack Methods: The recent campaigns uncovered by Seqrite Labs' APT team reveal a sophisticated level of cyber warfare. Is Your Network […]

The post Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
🚨 Infamous Chisel Android Malware Targets Ukrainian Military 🚨

A coalition of cybersecurity agencies from five nations – Australia, Canada, New Zealand, the U.K. and the U.S. – has uncovered a serious threat. Infamous Chisel, linked to the Russian state-sponsored actor Sandworm, is actively targeting Android devices used by the Ukrainian military. This malicious software can enable unauthorized access, scan files, monitor traffic, and steal sensitive information.

Russian forces used battlefield-captured Ukrainian tablets to remotely spread the malware to other devices via the Android Debug Bridge (ADB) command-line tool. Sandworm, also known as Iron Viking and other aliases, has a history of disruptive cyber campaigns. This discovery highlights the adaptability of Sandworm's tactics, as noted by Mandiant (now part of Google Cloud).

Infamous Chisel is a multifaceted threat designed for remote access and data exfiltration from Android phones. It replaces the legitimate netd daemon, granting root-level privileges on compromised devices.

Learn more about this critical cybersecurity threat and Sandworm's tactics here ⬇

#Cybersecurity #Malware #Ukraine #Sandworm #StayInformed
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
thehackernews.com
Microsoft says that a group of Iranian-backed state hackers, Mint Sandstorm (PHOSPHORUS), a subgroup of the notorious APT35 Iranian cyberespionage group (also known as Charming Kitten) linked to the Islamic Revolutionary Guard Corps (IRGC), is targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks using a new backdoor malware called MediaPl.

Check out today's Metacurity for more on this development and other top infosec news you should know, including:
-- Swiss government targeted by NoName,
-- PixieFail UEFI firmware flaws impact boot process,
-- Feds warn of Chinese drone risks,
-- Thousands of companies shovel data to Facebook,
-- much more

#mintsandstorm #iranianhackers #swissgovernment #noname #chinesedrones #facebook #hackers #malware #databreach #infosec #cybersecurity https://lnkd.in/dfHrzUB9
Iranian Hackers Are Targeting Research Organizations, Universities in Europe, US
metacurity.substack.com
Suspected China-based hackers target Uzbekistan gov't, South Koreans, Cisco says. Here's what you need to know:

1. Hackers believed to be from China have launched a cyber-attack on the Ministry of Foreign Affairs in Uzbekistan and targets in South Korea, using a variant of Gh0st RAT malware known as SugarGh0st, according to a report by Cisco Talos.

2. SugarGh0st malware enables hackers to explore a wider range of reconnaissance abilities, such as key and file extension searches, delivering customized commands, and evasion of detection. Furthermore, it allows hackers to take full remote control of infected machines for operations like real-time and offline keylogging, webcam access, and file operations.

3. Chinese-speaking threat actors have reportedly used versions of Gh0st RAT for several years, targeting organizations and individuals in Uzbekistan. Variants of this malware are now used by Chinese-speaking actors for surveillance and espionage attacks.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/dCm3nwa6
Suspected China-based hackers target Uzbekistan gov’t and South Koreans, Cisco says
therecord.media
Alert! Iranian Hackers Deploy New Marlin Backdoor in Espionage Campaign 🇮🇷

Cyber sleuths have uncovered a chilling update! An Iranian APT group (OilRig, aka APT34) has upgraded its arsenal with a brand new backdoor called Marlin. This sneaky tool is part of a long-running espionage operation targeting organizations in Israel, Tunisia, and the UAE since 2018. 🛢️🇮🇷

Who's affected? Diplomatic organizations, tech companies, and medical institutions are all in the crosshairs. 🪮

But fear not, cyber warriors! Here's how to shield yourself 🛡️:
☑️ Be a web detective: Don't fall for fishy links or shady downloads.
☑️ Patch it up: Regularly update your devices and software to plug those security holes. 🩹
⚔️ Arm yourself: Invest in top-notch security protection with advanced threat detection. 🔎

Stay on top of the game 🔼:
ℹ️ Dive deeper: Uncover more details here: https://lnkd.in/dhFtVFcm
🗣️ Spread the word: Share this post and raise awareness! Together, we can fight cybercrime! 👊🏻

Remember: Vigilance and good cyber hygiene are your ultimate weapons. Stay informed, stay safe! ⚔️🔱

#cybersecurity #digitaldefense #staysafe #patchyourdevices
Discover the gripping tale of how the FBI crushed a Russian botnet, exposing global cyber dangers and the relentless APT28 threat group. Unveil the cyber resilience lessons while unraveling the high-stakes world of international espionage and cyber counterattacks! #StaySecuritySavvy

The botnet in question was composed of hundreds of small office/home office (SOHO) routers, specifically Ubiquiti Edge OS routers. These devices had been infected with Moobot malware and were controlled by the GRU's Military Unit 26165, also known as APT28, Fancy Bear, and Sednit. The targets of this Russian hacker group ranged from the U.S. and foreign governments to military entities, and security and corporate organizations.

- Unlike previous GRU and Russian Federal Security Service (FSB) malware networks, this botnet wasn't created from scratch. Instead, the GRU repurposed the 'Moobot' malware, typically associated with a renowned criminal group.
- Initially, cybercriminals unconnected to the GRU infiltrated Ubiquiti Edge OS routers and deployed the Moobot malware. They targeted Internet-exposed devices with broadly known default administrator passwords.
- Subsequently, the GRU hackers exploited the Moobot malware to deploy their custom malicious tools. This transformed the botnet into a global cyber-espionage tool.

https://lnkd.in/e8uajk_g
Breaking Down the FBI's Takedown of a Russian Botnet: Lessons in Cyber Resilience
blog.cybersoar.us
Microsoft has identified a new backdoor, FalseFont, targeting the Defense Industrial Base (DIB) sector, attributed to an Iranian threat actor known as Peach Sandstorm. The backdoor allows remote access, file launching, and data transmission to command-and-control servers. This is part of a broader campaign involving password spray attacks and intelligence collection. The group has been active since at least 2013, and the disclosure coincides with other cyber threats from Iran and Hezbollah. The article emphasizes the need for advanced security measures. #dib #dod #nationalsecurity #criticalinfrastructure #criticalinfrastructureprotection
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
thehackernews.com
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember.

The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as APT28 to facilitate covert cyber operations and drop custom malware for follow-on exploitation. APT28, affiliated with Russia's Main Directorate of the General Staff (GRU), is known to be active since at least 2007.

APT28 actors have "used compromised EdgeRouters globally to harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools," the authorities said [PDF].

The adversary's use of EdgeRouters dates back to 2022, with the attacks targeting aerospace and defense, education, energy and utilities, governments, hospitality, manufacturing, oil and gas, retail, technology, and transportation sectors in the Czech Republic, Italy, Lithuania, Jordan, Montenegro, Poland, Slovakia, Turkey, Ukraine, the U.A.E., and the U.S.

#cybersecurity #cyberintelligence #cyberdefense #cybercrime #cyberawareness #cyberresilience #cybercriminals #cyberops #cyberhygiene #cyberrecovery
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
thehackernews.com
Iranian Charming Kitten hackers targeted Israeli organizations in October. Here's what you need to know:

1. Iranian APT group Charming Kitten, linked to the Islamic Revolutionary Guard Corps, targeted Israeli transportation, logistics and technology sectors last month. CrowdStrike believes this increase in cyber activity was driven by the start of Israel's war with Hamas.

2. Charming Kitten used strategic web compromise tactics and deployed various types of malware, primarily from the IMAPLoader family. The group often lures targets to compromised websites to exfiltrate data. Recently it's been observed collecting browser info and IP addresses using a custom script rather than open-source software.

3. Microsoft researchers suggested that Iran's cyber operations might not be as coordinated or impactful as claimed. They point to evidence that attacks appear more opportunistic rather than strategically targeted, with Iran possibly exaggerating the extent and precision of its impact.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eXEbc2tV
Iranian Imperial Kitten hackers targeted Israeli organizations in October
therecord.media
Chinese state-backed hackers have been accused of breaking into a computer network used by the Dutch armed forces in 2023.

The hackers targeted Fortinet FortiGate devices, exploiting a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3) that allowed them to execute arbitrary code via specially crafted requests. The intrusion paved the way for the deployment of a backdoor known as COATHANGER, which was designed to grant persistent remote access to the compromised appliances. The Dutch National Cyber Security Centre (NCSC) described COATHANGER as "stealthy and persistent," adding that it survived reboots and firmware upgrades.

The development marks the first time the Netherlands has publicly attributed a cyber espionage campaign to China. This news arrives just days after U.S. authorities took steps to dismantle a botnet comprising out-of-date Cisco and NetGear routers that were used by Chinese threat actors to conceal the origins of malicious traffic.

#chinese #hackers #exploit #breach #cybersecurity #networksecurity #dutch #ssl #vpns #fortigate
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network
thehackernews.com