Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot

www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, which is the same day we discovered the malspam campaign.

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/ Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Googles DNS over HTTPS (DoH) service to get command and control (C2) IP addresses.

Secret Service Investigates Breach at U.S. Govt IT Contractor

krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/ The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Purple Fox Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/ ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. Amnesty Internationals Senior Technologist, Claudio Guarnieri, has concluded that Stealth Falcon and Project Raven actually are the same group.. Also:

threatpost.com/stealth-falcon-middle-east-windows-bits/148136/. Stealth Falcon Targets Middle East with Windows BITS Feature

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

www.forbes.com/sites/zakdoffman/2019/09/05/secret-chinese-hacking-group-set-traps-to-steal-nsa-cyberattack-tools-new-report/

North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variantsreferred to as ELECTRICFISH and BADCALLused by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

MAR-10135536-10 North Korean Trojan: BADCALL

www.us-cert.gov/ncas/analysis-reports/ar19-252a

MAR-10135536-21 North Korean Proxy Malware: ELECTRICFISH

www.us-cert.gov/ncas/analysis-reports/ar19-252b

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/

You might be interested in …

Daily NCSC-FI news followup 2020-12-31

Adobe Flash Player is officially dead tomorrow www.bleepingcomputer.com/news/security/adobe-flash-player-is-officially-dead-tomorrow/ Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Lisäksi www.bleepingcomputer.com/news/software/adobe-now-shows-alerts-in-windows-10-to-uninstall-flash-player/ What’s Next for Ransomware in 2021? threatpost.com/ransomware-getting-ahead-inevitable-attack/162655/ Ransomware response demands a whole-of-business plan before the next attack, […]

Read More

Daily NCSC-FI news followup 2020-09-16

Tietovuoto: Kiinalaisyrityksen urkintalistalla on 799 suomalaista, joukossa poliitikkoja ja heidän lähipiiriään Katso, miten suomalaiset on jaoteltu yle.fi/uutiset/3-11544521 Poikkeuksellinen tietovuoto kertoo, millaiset suomalaiset vaikuttajat kiinnostavat Kiinaa. Pitkään kestävä syysmyrsky huolettaa sähköyhtiöitä “Valmiudessa on moninkertainen määrä työntekijöitä” yle.fi/uutiset/3-11547019 Keski-Pohjanmaalla toimivat sähköyhtiöt ovat nostaneet selvästi varautumistaan voimakkaan ja poikkeuksellisen pitkäkestoisen syysmyrskyn varalle. Yhä useampi on huolissaan lähipiiriinsä kohdistuvista […]

Read More

Daily NCSC-FI news followup 2020-05-11

April 2020s Most Wanted Malware: Agent Tesla Remote Access Trojan Spreading Widely In COVID-19 Related Spam Campaigns blog.checkpoint.com/2020/05/11/april-2020s-most-wanted-malware-agent-tesla-remote-access-trojan-spreading-widely-in-covid-19-related-spam-campaigns/ Our latest Global Threat Index for April 2020 has found several COVID-19 related spam campaigns distributing a new variant of the Agent Tesla remote access trojan, moving it up to 3rd place in the Index, impacting 3% […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.