Tag Malware

THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Cybersecurity Threats in Review: Key Developments from Nov 25 – Dec 1, 2024

Hackers are relentless in their pursuit of vulnerabilities within digital infrastructures, launching approximately 2,200 cyberattacks daily. This startling statistic translates to an intrusion attempt every 39 seconds, emphasizing the constant threat faced by organizations today. Compounding this…

🔒 Weekly Cybersecurity Recap: Key Threats, Tools, and Strategies (Dec 2 – 8)

Dec 09, 2024

Cyber Threats / Weekly Overview

This week’s cybersecurity landscape reads like a thrilling spy film. Hackers are infiltrating rival operations, stealthy malware lurks in widely-used software, and AI-driven scams are outsmarting even the brightest minds. Meanwhile, defenders are dismantling illicit online markets and shutting down dubious chat rooms, while major corporations scramble to patch vulnerabilities before attackers can exploit them. Curious about who’s targeting whom, the tactics they’re using, and the countermeasures in play? Keep reading—this recap has all the details.

⚡ Threat of the Week: Turla Hackers Compromise Pakistani Hacker Network

Picture this: one hacking group infiltrates another’s covert operations to launch their own attacks. That’s the scenario unfolding as the Russia-linked Turla group has been leveraging the infrastructure of a Pakistani hacking team, Storm-0156, since December 2022. By breaching their servers, Turla is now spying on governmental and military entities in Afghanistan and India.

Cybersecurity Weekly Recap: December 2 – 8, 2024

In the ever-evolving landscape of cybersecurity, recent developments have painted a picture reminiscent of a high-stakes espionage narrative. Cybercriminals have escalated their tactics, infiltrating not only vulnerable systems but also each other’s operations, while defenders are stepping up their efforts against emerging…

ZLoader Malware Makes a Comeback Using DNS Tunneling to Conceal C2 Communications

Cybersecurity researchers have identified a new iteration of the ZLoader malware that uses Domain Name System (DNS) tunneling for command-and-control (C2) communications, a sign that the threat actors behind it have kept enhancing their toolset since its reappearance a year ago. “Zloader version 2.9.4.0 features significant improvements, including a custom DNS tunnel protocol for C2 communications and an interactive shell supporting over a dozen commands, potentially aiding in ransomware attacks,” Zscaler ThreatLabz noted in a report released on Tuesday. “These enhancements provide added resilience against detection and mitigation efforts.” ZLoader, also known as Terdot, DELoader, or Silent Night, is a malware loader capable of deploying follow-on payloads. Following the shutdown of its infrastructure, malware campaigns distributing ZLoader were observed again in September 2023, for the first time in nearly two years.

ZLoader Malware Resurfaces Utilizing DNS Tunneling for C2 Communications

On December 11, 2024, cybersecurity experts reported the emergence of an updated version of the ZLoader malware, which now employs a Domain Name System (DNS) tunneling technique for its command-and-control (C2) communications. This advancement illustrates a continued evolution of this malicious…

DoNot Team Linked to New Tanzeem Android Malware Aimed at Intelligence Gathering


The threat group known as DoNot Team has been associated with a new Android malware used in highly targeted cyber attacks. The malware, identified as Tanzeem (meaning “organization” in Urdu), and its updated variant were discovered by cybersecurity firm Cyfirma in October and December 2024. The two applications share nearly identical functionality, with only slight user interface changes. Cyfirma’s Friday analysis pointed out, “While designed as a chat application, it fails to operate after installation, crashing once the required permissions are granted.” The app’s name indicates a focus on targeting specific individuals or groups both domestically and internationally. DoNot Team, also known as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to originate from India, notorious for using spear-phishing emails and various Android malware strains in its attacks.

DoNot Team Linked to Emerging Tanzeem Android Malware Targeting Intelligence Gathering

January 20, 2025

In a notable development in the cyber threat landscape, the hacking group known as DoNot Team has been associated with a new strain of Android malware. This malware, identified as Tanzeem, which translates to “organization” in…

Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome have been employed to spread malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, this malware is linked to a threat actor referred to as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Early cyber attack sequences have shown ValleyRAT being delivered alongside other malware types, such as Purple Fox and Gh0st RAT, the latter having been widely utilized by various Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.

Phony Google Chrome Sites Spread ValleyRAT Malware via DLL Hijacking

In a concerning development for cybersecurity, fake websites purporting to offer Google Chrome are being utilized to distribute a remote access trojan known as ValleyRAT. This malware, first identified in 2023, has been linked to a cyber threat actor referred…

Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.

Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware

February 25, 2025
Malware / Cyber Espionage

A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft Excel documents to disseminate a variant of PicassoLoader, a malicious…

Supply Chain Attacks on Open Source Software are Becoming Unmanageable

Critical Supply-Chain Attacks Target Developers with Malicious npm and PyPI Packages

Recent reports have surfaced regarding a string of supply-chain attacks targeting developers on npm and PyPI, resulting in the distribution of malicious packages designed to compromise systems and steal sensitive information. These incidents highlighted a significant vulnerability within open-source…

BBB Shares Tips to Help You Prevent Data Breaches

Rising Threat of Data Breaches: Protecting Your Business and Personal Information

In recent months, numerous companies have reported data breaches that have compromised sensitive customer information, highlighting a growing concern among businesses across various sectors. Cybercriminals exploit malware and security vulnerabilities to access this information, often reselling it on the…
