Recent news

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Oct 10, 2023

A phishing campaign targeting senior executives in U.S.-based organizations is utilizing the EvilProxy toolkit to conduct credential harvesting and account takeover attacks, focusing on banking, financial services, insurance, property management, real estate, and manufacturing sectors since July 2023.

The attackers exploit an open redirection vulnerability on "indeed.com," redirecting victims to phishing pages impersonating Microsoft. EvilProxy functions as a reverse proxy, intercepting credentials, 2FA codes, and session cookies. These threat actors, known as Storm-0835, have hundreds of customers who pay monthly license fees ranging from $200 to $1,000 USD for conducting daily phishing campaigns. The phishing emails contain deceptive links pointing to Indeed, which redirects users to EvilProxy pages to harvest their credentials. This tactic exploits an open redirect flaw, making it difficult to detect.


Old news


Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Oct 06, 2023

Threat actors are targeting semiconductor companies in East Asia, using lures that impersonate Taiwan Semiconductor Manufacturing Company (TSMC) to deliver Cobalt Strike beacons. This intrusion set employs a backdoor called HyperBro, which serves as a conduit for deploying the attack simulation software and toolkit.

Some instances involve a previously undocumented malware downloader for Cobalt Strike deployment, showcasing multiple infiltration methods. The campaign is attributed to a China-linked threat actor due to the use of HyperBro, a tool primarily used by Lucky Mouse. Tactical overlaps with other clusters like RedHotel and Earth Lusca suggest complex relationships within Chinese threat actors. This comes amid reports of Belgium's intelligence agency investigating potential Chinese espionage activities, highlighting China's multifaceted cyber strategies. The U.S. Department of Defense has also warned of China's extensive cyber espionage efforts.


Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

Oct 04, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken action to address two newly identified security vulnerabilities while also removing five previously listed bugs from its Known Exploited Vulnerabilities (KEV) catalog due to insufficient evidence. The added vulnerabilities include CVE-2023-42793, which is a critical authentication bypass flaw in JetBrains TeamCity that allows remote code execution. GreyNoise data shows exploitation attempts from 74 unique IP addresses. The second vulnerability, CVE-2023-28229, affects the Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service and is a privilege escalation flaw. While there is no public documentation of in-the-wild exploitation for CVE-2023-28229, it's important to address it to prevent potential threats. Federal Civilian Executive Branch agencies have been advised to apply vendor-provided patches to secure their networks by October 25, 2023, in response to these vulnerabilities.


Most common passwords: Used In latest 2023 statistics

Oct 03, 2023

In today's cyber landscape, data breaches and cyberattacks are alarmingly common occurrences. Protecting your online identity and private information hinges on the strength of your passwords. Unfortunately, some individuals still use passwords that are far from secure.

The Cybernews Investigation Team has gathered a list of the most frequently used passwords and phrases globally. Passwords often exhibit predictable patterns and pose significant security risks. To bolster your online security, it is essential to employ strong and unique passwords. Utilizing a password manager like NordPass can help in generating high-security passwords with at least 12 characters, including numbers, special characters, and a mix of upper- and lower-case letters. This ensures that your passwords are robust and difficult to crack. It's high time to move beyond weak and easily guessable passwords and instead embrace proactive security measures such as two-factor authentication and password managers to protect your digital identity effectively.


‘Ransomed.Vc’ Group Attacking Japanese Giants in New Operations

Sep 29, 2023

Ransomed.vc, a burgeoning ransomware syndicate, has recently targeted Japan's NTT Docomo, following a data breach at Sony believed to be linked to their operations. The group is demanding a substantial $1,015,000 ransom from NTT Docomo after Sony's refusal to comply with their demands led to the public release of stolen data. This development raises concerns about a potential surge in cyberattacks targeting Japan. Originating as an underground forum in August 2023, Ransomed.vc has swiftly transformed into a formidable ransomware syndicate, employing tactics like exploiting GDPR regulations to coerce EU-based victims into paying ransoms. They have also established an affiliate program, signifying a network of cybercriminals forming around the syndicate. The recent Sony incident revealed the group's operations and exposed stolen files and confidential information. This ongoing threat highlights the need for proactive surveillance and threat intelligence to counter evolving cyber threats effectively.


China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Sep 29, 2023

In August 2023, the China-linked threat group Budworm, also known as APT27, resurfaced with a series of cyberattacks targeting a Middle Eastern telecommunications organization and an Asian government. Budworm has maintained an active presence since at least 2013, specializing in intelligence gathering across various industry verticals. This group employs a sophisticated toolkit that includes China Chopper web shells. One of Budworm's standout tactics is exploiting vulnerabilities in publicly accessible services to infiltrate targeted networks. Their SysUpdate backdoor is a continually evolving tool, empowering them to capture screenshots, terminate processes, execute file operations, retrieve drive data, and issue commands. While recent attacks halted early in the infiltration process, with an emphasis on credential harvesting, Budworm's activity reaffirms its status as a persistent and formidable threat actor, demonstrating an unwavering focus on infiltrating critical sectors like telecommunications and government entities worldwide.


Xenomorph Android Banking Malware Attacks 30+ US Banks with New Stealing Capabilities

Sep 28, 2023

Xenomorph's latest campaign has struck institutions in the US and Spain, resulting in numerous malware downloads. This Android malware, initially discovered in February 2022, employs phishing webpages to deceive victims into installing malicious APKs. Xenomorph has a broad range of capabilities, from simple SMS manipulation to complete device control, thanks to its Automated Transfer System (ATS) framework. The malware primarily uses overlay attacks to collect Personally Identifiable Information (PII), including usernames, passwords, and credit card numbers. Recent additions include mimicry functionality, allowing Xenomorph to behave like other apps, and integration with known stealers like RisePro and LummaC2. Communication with the command-and-control server has been updated to use raw TCP sockets over port 50500 for enhanced control. For a comprehensive analysis, refer to Threat Fabric's detailed report.


New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

Sep 27, 2023

A new strain of malware called ZenRAT has emerged, distributed via fake installation packages of the Bitwarden password manager. ZenRAT is specifically targeting Windows users and is a modular remote access trojan (RAT) with information-stealing capabilities. It is hosted on fake websites posing as Bitwarden-associated sites.

Users visiting these deceptive websites from non-Windows systems are redirected to benign content. The malware payload is disguised as a trojanized version of the Bitwarden installation package. When launched, ZenRAT collects information about the host, including hardware and software details, and sends this data to a command-and-control server operated by threat actors. To mitigate such threats, users are advised to download software only from trusted sources and verify website authenticity.
