Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot

www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, which is the same day we discovered the malspam campaign.

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/ Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Googles DNS over HTTPS (DoH) service to get command and control (C2) IP addresses.

Secret Service Investigates Breach at U.S. Govt IT Contractor

krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/ The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Purple Fox Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell


ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/ ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. Amnesty Internationals Senior Technologist, Claudio Guarnieri, has concluded that Stealth Falcon and Project Raven actually are the same group.. Also:

threatpost.com/stealth-falcon-middle-east-windows-bits/148136/. Stealth Falcon Targets Middle East with Windows BITS Feature

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report


North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variantsreferred to as ELECTRICFISH and BADCALLused by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

MAR-10135536-10 North Korean Trojan: BADCALL


MAR-10135536-21 North Korean Proxy Malware: ELECTRICFISH


Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.


You might be interested in …

Daily NCSC-FI news followup 2019-07-07

Libra Cryptocurrency Scams Already Active Ahead Of 2020 Launch www.bleepingcomputer.com/news/security/libra-cryptocurrency-scams-already-active-ahead-of-2020-launch/ No sooner had Facebook announced Libra cryptocurrency and the matching digital Calibra wallet that cybercriminals tried to get a head start on a new phishing theme. Europe Built a System to Fight Russian Meddling. Its Struggling. www.nytimes.com/2019/07/06/world/europe/europe-russian-disinformation-propaganda-elections.html TWITTER’S DISINFORMATION DATA DUMPS ARE HELPFULTO A POINT […]

Read More

Daily NCSC-FI news followup 2021-03-24

Rauli Paananen: Tehdään kyberturvallisuudesta kansalaistaito ja vientituote www.erillisverkot.fi/rauli-paananen-tehdaan-kyberturvallisuudesta-kansalaistaito-ja-vientituote/ Asia on yhteinen: kansallinen kyberturvallisuus rakentuu viranomaisten, elinkeinoelämän, järjestöjen ja kansalaisten yhteistyönä. Tarvitsemme lisää suomalaista osaamista ja alan yritystoimintaa näille on kysyntää maailmallakin, kirjoittaa blogivieraamme valtion kyberturvallisuusjohtaja Rauli Paananen liikenne- ja viestintäministeriöstä. Microsoftin Exchange-palvelimen haavoittuvuudesta johtuvasta henkilötietojen tietoturvaloukkauksesta tulee ilmoittaa rekisteröidyille ja tietosuojavaltuutetun toimistolle tietosuoja.fi/-/microsoftin-exchange-palvelimen-haavoittuvuudesta-johtuvasta-henkilotietojen-tietoturvaloukkauksesta-tulee-ilmoittaa-rekisteroidyille-ja-tietosuojavaltuutetun-toimistolle Tietosuojavaltuutetun toimisto […]

Read More

Daily NCSC-FI news followup 2020-03-18

Spanish operators beg customers not to screw the network up telecoms.com/503106/spanish-operators-beg-customers-not-to-screw-the-network-up/ All the major Spanish telcos have unveiled a joint statement to customers, asking for fair and reasonable use of the internet during over the foreseeable future. […] Microsoft has said it has seen a 100% growth in usage of its enterprise productivity application Teams. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.