Linux SSH Servers Targeted in ShellBot Malware Campaign
A new campaign targeting poorly managed Linux SSH servers has been identified, deploying various strains of malware called ShellBot. The AhnLab Security Emergency Response Center (ASEC) reported that ShellBot, also known as PerlBot, is a DDoS bot malware developed in Perl, which typically uses the IRC protocol for communication with its C&C server. According to
- Published in News
The Chinese hackers exploited a zero-day vulnerability in Fortinet to espionage
Mandiant, the threat intelligence firm, has linked the zero-day exploitation of a medium-severity security flaw in the Fortinet FortiOS operating system to a suspected Chinese hacking group. The attack is part of a broader campaign to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. Mandiant is tracking the malicious
- Published in News
The Lazarus Group exploits a zero-day vulnerability to hack a South Korean financial institution
The Lazarus Group, believed to be linked to North Korea, has been observed exploiting undisclosed software vulnerabilities to breach a South Korean financial business entity twice within a year. The first attack in May 2022 involved the use of a vulnerable version of a widely-used certificate software, while the second attack in October 2022 exploited
- Published in News
Southeast Asian governments are being targeted by Sharp Panda’s new Soul Framework version
Chinese threat actor Sharp Panda has been targeting high-profile government entities in Southeast Asia since late last year in a cyber espionage campaign. Israeli cybersecurity company Check Point has identified the use of a new version of the Soul modular framework as characterizing the intrusions, marking a departure from the group’s attack chains observed in
- Published in News
Mexican banks are being targeted by FiXS ATM malware
A new ATM malware strain called FiXS has been detected attacking Mexican banks since the beginning of February 2023. Latin American cybersecurity firm Metabase Q reported that the ATM malware is concealed within another program that appears to be non-malicious. FiXS is not dependent on any specific vendor, is vendor-agnostic, and can infect any teller
- Published in News
Hackers targeting European entities with MQsTTang backdoors
The Mustang Panda actor, which is aligned with China, has been observed using a new custom backdoor named MQsTTang as part of an ongoing social engineering campaign that started in January 2023. ESET researcher Alexandre Côté Cyr reported that MQsTTang seems to be a standalone backdoor not based on existing malware families or publicly available
- Published in News
A new variant of the SysUpdate malware attacks Linux and employs evasion tactics
The threat group known as Lucky Mouse has released a Linux version of its SysUpdate malware toolkit, enabling it to target Linux devices. The updated artifact, which dates back to July 2022, has new features aimed at avoiding security software and resisting reverse engineering. Lucky Mouse, also known as APT27, Bronze Union, Emissary Panda, and
- Published in News
New M2RAT malware from North Korea’s APT37 targets South Korea
The notorious APT37, a North Korea-linked threat actor, has recently been spotted utilizing a new piece of malware called M2RAT in its ongoing attacks against its southern neighbor. These developments signify a further evolution of the group’s tools and tactics. APT37, also known as Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is associated with North Korea’s
- Published in News
Thousands of WordPress sites have been infected by a massive AdSense fraud campaign
The malicious black hat redirect malware campaign has now grown larger and more insidious, infecting over 10,800 websites with over 70 bogus domains, mimicking URL shorteners. The main objective of this malware is to artificially increase traffic to pages that contain Google Ads, generating revenue from AdSense ID, which is used for ad fraud. The
- Published in News
Massive HTTP DDoS Attack Hits Record High of 71 Million Requests Per Second
Cloudflare, the web infrastructure company, stopped an unprecedented DDoS attack on Monday with a record-breaking peak of over 71 million requests per second. This historic “hyper-volumetric” attack was the largest HTTP DDoS attack on record, surpassing the previous 46 million RPS attack that was mitigated by Google Cloud in June 2022. These massive attacks targeted
- Published in News