FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the

Tagged under: , , , , , , , , ,

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that “Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period,” Check Point

Tagged under: , , , , , , , , ,

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part

Tagged under: , , , , , , , , , , , , , , , , , , , , , , , ,

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021. “Lures use Mexican

Tagged under: , , , , , , , , , , , , , , , , , , , , ,

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected,

Tagged under: , , , , , , , , , , , , , ,

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

Introduction A 29-year-old Ukrainian national has been apprehended in Mykolaiv, Ukraine, in connection with a highly sophisticated cryptojacking operation. The suspect allegedly earned over $2 million (€1.8 million) in illicit profits through unauthorized use of computing resources for cryptocurrency mining. The arrest was made possible through a collaborative effort between the National Police of Ukraine,

Tagged under: , , , , , , , , ,

Three Ways To Supercharge Your Software Supply Chain Security

Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan

Tagged under: , , , , , , , ,

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

According to a new joint cybersecurity advisory from Australia and the U.S., the threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations

Tagged under: , , , , , , ,

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. “PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577,” Malwarebytes’ Jérôme Segura said. The malware family, which first appeared in early 2023,

Tagged under: , , , , , , ,

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it’s tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM)

Tagged under: , , , , , , , , ,