Tag ESET

Researchers Raise Alarm Over FontOnLake Rootkit Malware Aimed at Linux Systems

Recent findings from cybersecurity researchers have unveiled a targeted campaign likely aimed at entities in Southeast Asia utilizing a novel form of Linux malware, identified as “FontOnLake.” This malware is designed to facilitate remote access for its operators, gather credentials, and serve as a proxy server. The cybersecurity firm ESET,…


CISA Calls on Agencies to Address Critical “Array Networks” Vulnerability as Attacks Escalate

On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched critical vulnerability affecting Array Networks AG and vxAG secure access gateways in its Known Exploited Vulnerabilities (KEV) catalog. This addition follows credible reports indicating active exploitation of the flaw in real-world scenarios. The vulnerability, designated as…


Ukraine Uncovers Gamaredon Group: Identifies Russian FSB Officers Behind Hacking Operations

Ukraine’s leading law enforcement and counterintelligence agency has revealed the identities of five individuals allegedly involved in a series of digital intrusions tied to a cyber-espionage group known as Gamaredon, with connections to Russia’s Federal Security Service (FSB). This disclosure highlights the agency’s ongoing efforts to combat cyber threats directed…


Romantic Comedy Uncovers Sophisticated Cyberattacks Targeting Zero-Day Flaws in Firefox and Windows

RomCom Exploits Zero-Day Vulnerabilities in Firefox and Windows

A sophisticated cyber operation attributed to the Russia-aligned threat actor known as RomCom has been reported, focusing on the exploitation of two zero-day vulnerabilities—one in Mozilla Firefox and another in Microsoft Windows. These attacks have been designed to deploy RomCom’s proprietary backdoor…


Hackers Exploit Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Recent cybersecurity analysis has uncovered the deployment of a newly identified binary called “Owowa,” specifically targeting Microsoft Exchange’s Outlook Web Access servers. This malicious Internet Information Services (IIS) web server module seeks to extract user credentials and facilitate remote command execution on compromised systems. The Owowa module, reportedly written in…


Hacking Team DoNot Targets Government and Military Entities in South Asia

A persistent threat actor, suspected to have ties to an Indian cybersecurity firm, has been actively attacking military organizations in South Asia since at least September 2020. The targeted nations include Bangladesh, Nepal, and Sri Lanka, with various iterations of their specialized malware framework used in each assault. According to…


Russian APT Hackers Exploit COVID-19 Lures to Target European Diplomats

In an alarming series of spear-phishing attacks between October and November 2021, the Russia-linked advanced persistent threat group APT29 targeted European diplomatic missions and Ministries of Foreign Affairs. This activity showcases a troubling trend of cyberespionage aimed at sensitive political partners. ESET’s T3 2021 Threat Report, provided to The Hacker…


Iranian Hackers Deploy New Marlin Backdoor in ‘Out to Sea’ Espionage Operation

A noted advanced persistent threat (APT) group linked to Iran has updated its malware arsenal, introducing a new backdoor known as Marlin. This marks an ongoing espionage campaign that has been active since April 2018. The Slovak cybersecurity firm ESET has attributed these attacks, under the codename “Out to Sea”,…


New Wiper Malware Emerging in Ukraine During Ongoing Russian Military Operations

Recent cybersecurity developments have revealed a significant escalation in cyberattacks aimed at Ukraine, coinciding with the country’s ongoing military conflict. Cybersecurity experts from ESET and Broadcom’s Symantec have reported the emergence of a new wiper malware, identified as HermeticWiper (also known as KillDisk.NCV), which has been actively deployed against numerous…
