Stanley Tsang’s Post

Emerging from the in-depth analysis of the notorious TA544 group, renowned in past years for distributing Ursnif, our latest report delves into a recent campaign featuring the utilization of a new loader known as Hijack Loader (aka IDAT Loader). This loader serves as the final payload, distributing the infamous RemCos RAT. Notably, the threat actor is also deploying additional malware, including SystemBC. This revelation underscores a significant shift in the attacker's business model towards providing IAaaS (Initial Access as a Service) within the criminal ecosystem. The landscape is evolving, and it's crucial for cybersecurity professionals to stay vigilant against these emerging threats. Thank you to Yoroi's Malware Lab for another great analysis ! https://lnkd.in/dPJrtZVe Yoroi ( TINEXTA S.P.A. ) #defencebelongstohumans #Cybersecurity #ThreatIntelligence #TA544 #RemCosRAT #IAaaS #CyberDefense

New Backdoor CR4T Targeting Middle East Governments Detected! 🌐 Government entities in the Middle East are under siege from a sophisticated campaign deploying a new backdoor dubbed CR4T. 🔍 Discovered by Kaspersky in February 2024, evidence suggests this campaign may have been active for over a year under the codename DuneQuixote. 💻 Attackers employ evasive tactics in both network communications and malware code to avoid detection, making this threat particularly insidious. 🛡️ Protect your systems with robust cybersecurity measures. Contact us for expert assistance in safeguarding your organization against emerging threats. #SimpleCyber #Cybersecurity #MiddleEast #CR4T #ThreatDetection

𝗗𝗲𝗮𝗱𝗴𝗹𝘆𝗽𝗵 𝗠𝗮𝗹𝘄𝗮𝗿𝗲: 𝗔 𝗦𝘁𝗲𝗮𝗹𝘁𝗵𝘆 𝗮𝗻𝗱 𝗠𝗼𝗱𝘂𝗹𝗮𝗿 𝗧𝗵𝗿𝗲𝗮𝘁 𝗶𝗻 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 A sophisticated backdoor #malware, 'Deadglyph,' recently targeted a Middle Eastern government agency, attributed to the state-sponsored hacking group Stealth Falcon APT. Deadglyph's modular design and complex loading chain make it exceptionally challenging to detect. This cyber threat is highly adaptable, with various modules enabling attackers to gather system information, execute commands, and read files. While we have limited details on the initial infection, it's crucial to stay vigilant. 🛡️ Protect your systems effectively with #Abatis and minimize the risk of malware threats. Get started today. https://lnkd.in/gt-jPefK #CyberThreats #SoftwareSecurity #DataProtection #DataSecurity #CyberAttack #Cybersecurity #CyberAwareness

A recently discovered backdoor malware, known as “Deadglyph,” has been detected in a cyberattack targeting a government agency in the Middle East. This malicious software has been linked to the activities of the Stealth Falcon APT hackers, also known as Project Raven or FruityArmor, a state-affiliated hacking group based in the United Arab Emirates (UAE). Stealth Falcon hackers have been targeting activists, journalists and dissidents for nearly a decade. During the LABScon cybersecurity conference, ESET researcher Filip Jurčacko unveiled a comprehensive analysis of a recently discovered malware and its method of infecting devices running the Windows operating system. Deadglyph backdoor malware While ESET currently lacks information regarding the precise initial infection method, there is a suspicion that a malicious executable file, potentially an installer, may be involved. ~First Hackers News Continue reading this article by clicking on this link >>> https://lnkd.in/eJne9vJ7 Subscribe to our newsletter to get update on latest cybersecurity news. #malicious #malware #backdoormalware #hackinggroup #Deadglyph #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

"Hackers use new malware to breach air-gapped devices in Eastern Europe " And there was me thinking air-gapping was in the same realms as rainbow unicorns and pots of gold at the end of the rainbow Anybody relying on air-gapped environments has never had to make an emergency switch or firewall change at 3 am on a Sunday. Breaking any air-gapped design takes one wrong or forgotten ACL or firewall rule. It's an interesting read on how the attackers use a multi-stage attack. Link to article: https://lnkd.in/egXbARit #cybersecuritynews #cybersecurity

Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by leveraging weak or compromised credentials. The misuse of SSH credentials offers a covert entryway for threat actors to compromise and commandeer targeted systems. On January 4th, 2024, the Sysdig Threat Research Team (TRT) unearthed a network mapping tool named SSH-Snake, deployed as a self-propagating worm. The tool was discovered exploiting SSH credentials in its propagation, presenting a substantial threat to network security that requires careful handling. It actively seeks out credentials and shell history to target its next victims, with threat actors presently leveraging the SSH-Snake malware. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/eUWbqti4 #threatactors #ssh #malicious #compromised #trt #networksecurity #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

Beware of China-Linked Hackers and Their New 'UNAPIMON' Malware 🚨 A cyberthreat group known as Earth Freybug, a subset of the China-linked APT41, has been observed using a new malware called UNAPIMON to conduct stealthy espionage and financially motivated activities 🕵️♀️ Earth Freybug has been active since at least 2012 and is known to target organizations across various sectors worldwide[2]. Their latest attack campaign involves using a legitimate VMware Tools executable to deploy malicious files and ultimately run the UNAPIMON malware. 🛡️ UNAPIMON is designed to evade detection by unhooking critical API functions, making it difficult to monitor in sandbox environments[2]. The malware also leverages DLL hijacking and other techniques to maintain persistence on infected systems. ⚠️ This latest development highlights the evolving tactics and capabilities of China-linked hacking groups. It's crucial for organizations to stay vigilant and implement robust cybersecurity measures to protect against such advanced threats. 🔍 Stay informed and share this post to raise awareness about the UNAPIMON malware and the ongoing threat posed by Earth Freybug and other China-linked actors. Together, we can strengthen our defenses against these persistent cyber adversaries. https://lnkd.in/gPk2hM7g

🚨 Trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. Learn more here: https://lnkd.in/dXn2se7P #SimpleCyber #cybersecurity #CyberNews

A recent article from BleepingComputer highlights a new trend in cyber attacks targeting air-gapped systems using USB devices. Chinese state-sponsored hackers have reportedly been targeting industrial organizations with new malware that can steal data from these isolated systems. Air-gapped systems, which are isolated from the enterprise network and the public internet, typically fulfill critical roles. The hackers used at least 15 distinct implants in attacks in Eastern Europe, each for a distinct stage of the operation, as well as their signature 'FourteenHi' malware family. The attacks involved three separate stages. The initial phase established persistence and remote access to the compromised systems and collected data useful for reconnaissance. In the second stage, the hackers dropped more specialized malware that can steal data from isolated (air-gapped) systems using USB propagation. Finally, in the third stage of the attack, the hackers used implants that can upload the collected data to their command and control (C2) servers. This case underscores the importance of exercising caution when using USB devices, especially those from unknown sources, and the need for robust security measures to protect air-gapped systems. Read more about this case here: https://lnkd.in/di6dfpSA Or visit us at: https://hunna.eu/ #Cybersecurity #DataProtection #USB #AirGap #InfoSec

Threat actors exploit SSH credentials to gain unauthorized access to systems and networks, executing malicious activities by leveraging weak or compromised credentials. The misuse of SSH credentials offers a covert entryway for threat actors to compromise and commandeer targeted systems. On January 4th, 2024, the Sysdig Threat Research Team (TRT) unearthed a network mapping tool named SSH-Snake, deployed as a self-propagating worm. The tool was discovered exploiting SSH credentials in its propagation, presenting a substantial threat to network security that requires careful handling. It actively seeks out credentials and shell history to target its next victims, with threat actors presently leveraging the SSH-Snake malware. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/eUWbqti4 #threatactors #ssh #malicious #compromised #trt #networksecurity #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews