Tag: Malware

Microsoft Falls Victim to Cyber Attack

Feb 23, 2013

Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised using tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…

ShadowSilk Targets 35 Organizations Across Central Asia and APAC via Telegram Bots

August 27, 2025
Malware / Spyware

A threat cluster known as ShadowSilk is responsible for a new wave of attacks aimed at government entities in Central Asia and the Asia-Pacific region. Group-IB has identified nearly 35 victims, primarily focused on data exfiltration. This hacking group shares tools and infrastructure with other threat actors, including YoroTrooper, SturgeonPhisher, and Silent Lynx. The affected organizations are predominantly government bodies, with some incidents involving the energy, manufacturing, retail, and transportation sectors across Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan. “The operation is executed by a bilingual team—Russian-speaking developers linked to older YoroTrooper code and Chinese-speaking operatives leading the intrusions—creating a versatile, multi-regional threat,” state researchers Nikita Rostovcev and Sergei Turner.

Storm-0501 Exploits Entra ID for Azure Data Exfiltration and Deletion in Hybrid Cloud Attacks

August 27, 2025
Ransomware / Cloud Security

The financially motivated threat actor known as Storm-0501 has been observed enhancing its tactics to carry out data exfiltration and extortion attacks in cloud environments. “Unlike traditional on-premises ransomware that relies on deploying malware to encrypt essential files across compromised network endpoints and negotiating for a decryption key, cloud-based ransomware represents a significant change,” noted the Microsoft Threat Intelligence team in a report shared with The Hacker News. “Utilizing cloud-native capabilities, Storm-0501 swiftly exfiltrates substantial data volumes, deletes data and backups within the victim’s environment, and demands ransom—all without conventional malware deployment.” Storm-0501 was initially documented by Microsoft nearly a year ago, focusing on its hybrid cloud ransomware attacks against sectors such as government, manufacturing, transportation, and law enforcement in the U.S.

U.S. Treasury Imposes Sanctions on North Korean IT Worker Scheme, Uncovering $600K in Crypto Transfers and Over $1M in Profits

August 28, 2025
Artificial Intelligence / Malware

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced new sanctions against two individuals and two entities linked to North Korea’s remote IT worker scheme, which generates illicit revenue for the regime’s weapons of mass destruction and ballistic missile initiatives. “The North Korean regime continues to exploit American businesses through fraudulent schemes involving overseas IT workers who steal data and extort ransom,” stated John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “Under President Trump’s administration, the Treasury remains dedicated to safeguarding Americans from these schemes and holding those responsible accountable.” The designated parties include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. This initiative broadens the sanctions previously imposed on Chinyong Informat…

TamperedChef Malware Masquerading as Fake PDF Editors Gathers Credentials and Cookies

Cybersecurity Alert: Aug 29, 2025

Cybersecurity experts have uncovered a new cybercrime operation utilizing deceptive advertising techniques to funnel victims to fraudulent websites, leading them to download an information-stealing malware known as TamperedChef. Researchers from Truesec—Mattias Wåhlén, Nicklas Keijser, and Oscar Lejerbäck Wolf—reported on the findings, revealing that the goal is to entice victims into installing a Trojan PDF editor. This malicious software is designed to capture sensitive information, including login credentials and web cookies. The scheme primarily leverages multiple fake sites to promote a free PDF editor named AppSuite PDF Editor. Once downloaded and executed, the software prompts users to agree to its terms of service and privacy policy, all while in the background covertly connecting to an external server to install the actual malware.

Cyber Attack Disrupts Passport Control at Istanbul Airport

July 26, 2013

The passport control system at Istanbul Ataturk Airport’s international departure terminal experienced a cyber attack on Friday, impacting operations at another airport in the city. Passengers faced lengthy delays, with many waiting hours as flight departures were postponed due to the system shutdown at both locations. Authorities were able to restore functionality after some time.

Reports indicated that the passport control system at Sabiha Gokcen International Airport was also affected by issues stemming from the Polnet data system managed by the Istanbul provincial security directorate. Preliminary investigations suggest the systems may have been compromised by malware, though authorities are still determining whether any user information was extracted from the affected machines.

As of now, there has been no claim of responsibility for the cyber attack. This incident is part of a worrying trend of malware attacks targeting critical infrastructure. Cybersecurity has become an increasingly critical concern in recent years.

Cybercriminals Leverage X’s Grok AI to Circumvent Ad Safeguards and Distribute Malware to Millions

Sep 04, 2025
Artificial Intelligence / Malware

Cybersecurity experts have identified a new tactic employed by cybercriminals to circumvent the malvertising protections of social media platform X, utilizing its AI assistant Grok to disseminate harmful links. This method, dubbed “Grokking,” was discussed in a series of posts by Nati Tal, head of Guardio Labs.

The technique aims to exploit the limitations set by X on Promoted Ads, which typically permit only text, images, or videos for advertising. By leveraging video card-promoted posts featuring adult content as bait, malvertisers cleverly conceal malicious links in the “From:” metadata field located below the video player—an area that goes unchecked by the platform’s security measures.

The Significance of Logs and Log Management in IT Security

In today’s digital landscape, IT security is paramount for organizations of all sizes. Effective security measures begin with vigilant monitoring of your network to identify vulnerabilities that could expose sensitive information to threats. This often includes employing firewalls as the first line of defense, alongside vulnerability management, intrusion detection and prevention systems, and careful configuration of network settings.

The importance of these measures cannot be overstated:

  • Routers may be easily compromised without proper configuration and restrictions.
  • An improperly configured firewall can leave open ports, enabling hackers to infiltrate the network.
  • Threats like rogue access points, botnet malware, and social engineering can transform your wireless network into a gateway for unauthorized access.

Why Are Logs Essential?

The primary goal of IT security is to…

TAG-150 Develops CastleRAT in Python and C, Enhancing CastleLoader Malware Operations

September 05, 2025
Botnet / Malware

The threat actor behind the malware-as-a-service (MaaS) framework and loader known as CastleLoader has introduced a remote access trojan, CastleRAT. Available in both Python and C versions, CastleRAT primarily functions to collect system information, download and execute additional payloads, and run commands via CMD and PowerShell, according to Recorded Future’s Insikt Group. The cybersecurity firm is monitoring the malicious activities attributed to TAG-150, which is believed to have been operational since at least March 2025. CastleLoader and its variants serve as initial access points for various secondary payloads, including other remote access trojans, information stealers, and additional loaders. CastleLoader (also referred to as CastleBot) was first reported by Swiss cybersecurity firm PRODAFT in July 2025, highlighting its use in campaigns distributing DeerStealer, RedLine, StealC, NetSupport RAT, SectopRAT, and Hijack Loader. Further analysis…