Oasis reportedly exploits its own wallet platform to recover stolen cryptocurrency.
Tag Archives: news
New State Sponsored APT Tools Built to Attack Industrial Control Systems
New State-Sponsored APT Tools Built to Attack ICS/SCADA Devices Exploiting Vulnerable Drivers

A state-sponsored threat group has developed new APT tools to target and compromise industrial control systems by targeting vulnerable motherboard drivers in multiple ICS devices.
Much more detail here:
CISA: https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
Mandiant: https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool
Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread
Compromised Microsoft Exchange servers are sending out emails that appear to be part of an existing email conversation. The emails lure the unsuspecting user into opening an attached password-protected archive or .zip file with the password included in the message, which results in the user's computer being infected. From this point, IcedID phones home using command-and-control techniques, and it can then be used in a number of different ways to continue exploiting the infected computer. Because of the age of the IcedID malware, there is quite a bit of research and documented patterns on how it infects a computer.
More details:
The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/
The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html
BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/
A Second Chinese Threat Actor Identified In Ukraine CyberAttacks
“Scarab”, a Chinese-speaking threat actor, has been identified attacking Ukraine using a backdoor named “HeaderTip” in spear-phishing campaigns.

The Hacker News – “Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion” : https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html
The Record – “Researchers tie Ukraine cyber intrusion attempt to suspected Chinese threat actor ‘Scarab’” : https://therecord.media/researchers-tie-ukraine-cyber-intrusion-attempt-to-suspected-chinese-threat-actor-scarab/
Google Emergency Patches Chrome’s 0-Day
Google responds quickly to the actively exploited Chrome zero-day bug to shut down the cyberattacks observed from two threat groups in North Korea.
BleepingComputer – “Emergency Google Chrome update fixes zero-day used in attacks” : https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/
Microsoft Searches For Evidence Of Claimed Breach
Microsoft is investigating whether it was breached, following a claim released by a cyberthreat group. The same extortion group has also claimed recent breaches of six other large businesses.

Bleeping Computer – “Microsoft investigating claims of hacked source code repositories” : https://www.bleepingcomputer.com/news/security/microsoft-investigating-claims-of-hacked-source-code-repositories/
SpaceX Boosts Cybersecurity Responding To Starlink Jamming
Interesting to see this; cyberwar is definitely verified as involving tech in space:
“SpaceX shifts resources to cybersecurity to address Starlink jamming” via Jeff Foust and Brian Berger | Spacenews
Ransomware Gangs and Hackers Voice Their Chosen Side Between Russia and Ukraine
Events like these truly show how much war has evolved in the cyber realm.

BleepingComputer – “Ransomware gangs, hackers pick sides over Russia invading Ukraine”: https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/
Cyber Attacks Rock Ukraine and Russia
From command and control to data-wiping malware, Ukraine has been struggling with quite a few cyber threats since the start of Russia’s operation. When it comes to DDoS attacks, both Russia and Ukraine are having to defend themselves. Internet sites in both countries have been seen going completely unreachable during this event.
ABC News – Cyberattacks accompany Russian military assault on Ukraine – ABC News: https://abcn.ws/3IjbNmX
ZDNet – Flight tracker Flightradar24 crash caused by ‘international interest’ in Ukraine, Russia conflict: https://www.zdnet.com/article/flight-tracker-flightradar24-crash-caused-by-international-interest-in-ukraine-russia-conflict/
ZDNet – Ukraine Ministry of Defense confirms DDoS attack; state banks lose connectivity: https://www.zdnet.com/article/ukraine-ministry-of-defense-confirms-ddos-attack-state-banks-loses-connectivity/
Infosecurity Magazine – US and UK Warn of VPNFilter Successor “Cyclops Blink”: https://www.infosecurity-magazine.com/
Reuters – Ukraine computers hit by data-wiping software as Russia launched invasion: https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/
CNBC – Cyberattack hits Ukrainian banks and government websites: https://www.cnbc.com/2022/02/23/cyberattack-hits-ukrainian-banks-and-government-websites.html
CNN – Russian government websites mysteriously go dark as invasion continues: https://www.cnn.com/europe/live-news/ukraine-russia-news-02-24-22-intl/h_e0d16b404e39c4f6bbbb337fe2e4f1a1
Threat Group Sandworm Creates New Worries with Cyclops Blink Malware
A new malware threat named Cyclops Blink, which appears to replace Sandworm’s VPNFilter malware that was used against Ukraine in 2018, is targeting WatchGuard firewalls. Its aims are to compromise the devices, implement command and control, and update the malware instance with more mods that could possibly be used for larger attacks, and more.