Archiving, Communications, Information Security and Security

IT Army of Ukraine gained access to a 1.5GB archive from Gazprom

Security Affairs

JANUARY 31, 2023

GB archive. GB archive belonging to the Russian energy giant Gazprom. The group of hacktivists announced the hack on their Telegram channel claiming that the archive contains more than 6,000 files of the companies of the Gazprom group. “The archive with a capacity of 1.5 “The archive with a capacity of 1.5

Archiving

Archiving Access IT Communications

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

The messages use specially crafted archives containing LNK files disguised as regular documents. These archives mimicked the installation process of Microsoft Defender or exploited current US political issues. Attackers are constantly adapting their tactics, necessitating a layered security approach.”

Archiving

Archiving Military Communications Phishing

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign. Endpoint Security : Install endpoint security solutions to fortify defenses against malware attacks.

Phishing

Phishing Ransomware Security awareness Authentication

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

Security Affairs

MARCH 15, 2020

The RAR archive contains a file named “Important – COVID-19” that displays a Word icon. The post BlackWater, a malware that uses Cloudflare Workers for C2 Communication appeared first on Security Affairs. . "Important – COVID-19.rar" rar" -> "Important – COVID-19.docx.exe"

Communications

Communications File names Archiving Phishing

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

Security Affairs

SEPTEMBER 16, 2022

Subsequently, UNC4034 communicated with them over WhatsApp and after the communication is established with the victim over WhatsApp, then threat actors tricked victims into downloading a malicious ISO image masqueraded as a fake job. The attack chain starts with a fake job opportunity at Amazon sent to the victims via email.

Archiving

Archiving Communications Phishing Access

Security Affairs newsletter Round 342

Security Affairs

NOVEMBER 28, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 342 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security

Security Honeypots Data breaches Ransomware

How to Mitigate Risks of Using Commercial Messaging Apps for Work-Related Communication

IG Guru

SEPTEMBER 4, 2021

The post How to Mitigate Risks of Using Commercial Messaging Apps for Work-Related Communication appeared first on IG GURU. Many physical office spaces have been shut down and millions of employees were (and some still are) […].

Communications

Communications Risk IT Records Management

New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

Security Affairs

MARCH 21, 2023

Researchers believe that threat actors use spear phishing as an initial attack vector, the messages include an URL pointing to a ZIP archive hosted on a web server under the control of the attackers. The archive contained two files, a decoy document (i.e. pdf.lnk) used to start the infection and deploy the PowerMagic backdoor.

Agriculture

Agriculture Archiving Communications Phishing

DarkWatchman RAT uses Windows Registry fileless storage mechanism

Security Affairs

DECEMBER 20, 2021

The DarkWatchman RAT uses the registry for nearly all temporary and permanent storage, it doesn’t write to disk evading most security tools. . The DarkWatchman has been distributed through phishing emails that use malicious ZIP archives (named ‘????????? ?12-6317-3621.zip’ 12-6317-3621.zip’ ” continues the analysis.

Archiving

Archiving Communications Ransomware Phishing

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

. “Grandoreiro is written in Delphi and utilizes techniques like binary padding to inflate binaries, Captcha implementation for sandbox evasion, and command-and-control (CnC) communication using patterns that are identical to LatentBot.” ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook.

Archiving

Archiving Phishing Communications Manufacturing

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

According to Microsoft, the campaign aims at building capabilities that could disrupt critical communications infrastructure between the United States and Asia region in the case of future crises. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar. We are in the final!

Communications

Communications Manufacturing Access Archiving

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

The backdoor uses emails for C2 communications, where the C2 is the victim’s Microsoft Exchange server. The archive contained a malicious.NET executable (Brochure.exe) which is an executable with an Adobe PDF icon. The experts speculate that the backdoor is likely linked to an Iran-linked APT group. We are in the final!

Communications

Communications File names Archiving Phishing

Iran-linked UNC3313 APT employed two custom backdoors against a Middle East gov entity

Security Affairs

FEBRUARY 28, 2022

“UNC3313 initially gained access to this organization through a targeted phishing email and leveraged modified, open-source offensive security tools to identify accessible systems and move laterally.” STARWHALE communicates with the C2 server via HTTP. .” reads the analysis published by Mandiant. Pierluigi Paganini.

Phishing

Phishing Archiving Communications Access

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

Researchers believe that threat actors use spear phishing as an initial attack vector, the messages include an URL pointing to a ZIP archive hosted on a web server under the control of the attackers. The archive contained two files, a decoy document (i.e. pdf.lnk) used to start the infection and deploy the PowerMagic backdoor.

Communications

Communications Agriculture Cloud Archiving

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

To fulfill these principles, data protection strategies generally focus on the following three areas: Data security —protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. Cyberattacks that aim to steal sensitive information continue to rise.

Data breaches

Data breaches GDPR Compliance Encryption

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers

Security Affairs

JUNE 29, 2022

“ “An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive. “The only requirement for this attack is that unrar is installed on the server, which is expected as it is required for RAR archive virus-scanning and spam-checking.”

Archiving

Archiving Authentication Communications Security

Samsung suffered a new data breach

Security Affairs

NOVEMBER 16, 2023

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. “What information was involved? What happened?

Data breaches

Data breaches Access Archiving Passwords

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. . The archive contains a weaponized Microsoft Excel file (.XLSM),

Phishing

Phishing Passwords Communications Archiving

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

“Specialists of the Security Service of Ukraine established that in early June this year, mass e-mails were sent with the sender’s address changed. The messages use a RAR archive as an attachment and trick victims into opening it. Upon downloading and opening the archive, an EXE file with a double extension, filename.

Phishing

Phishing Archiving Government Passwords

Russian Gamaredon APT continues to target Ukraine

Security Affairs

APRIL 20, 2022

The researchers pointed out that each variant will communicate with a different command-and-control (C&C) server. The attackers are using multiple different payloads to establish persistence on the infected systems and to be resilient to takedown operations conducted by security firms and government experts. Pierluigi Paganini.

Archiving

Archiving Phishing Communications Cybersecurity

New DDoS IRC Bot distributed through Korean webHard platforms

Security Affairs

JANUARY 19, 2022

Researchers from AhnLab’s Security Emergency-response Center (ASEC) spotted an IRC bot written in GoLang that is being used to carry out DDoS attacks targeting users in Korea. The malicious code is hosted on a web hard drive or a remote file hosting service in the form of compressed ZIP archives. Pierluigi Paganini.

Archiving

Archiving Communications Security IT

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Security Affairs

APRIL 18, 2021

“The.zip file is not a compressed archive, but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip.” “Among the files contained in the QuickCPU.dat archive are the configurator for the miner, which appears to be xmr-stak.

File names

File names Archiving Passwords Communications

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

The Dropbox link leads to a RAR archive that masquerades as a Word document by setting the “file_subpath” parameter to point to a filename with a.DOCX extension. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. ” reads the analysis published by Kaspersky.

Archiving

Archiving File names Government Libraries

Ukrainian researcher leaked the source code of Conti Ransomware

Security Affairs

MARCH 2, 2022

The researchers who leaked the data belonging to Conti’s communications announced more dumps are coming, and now he is leaking the source for their ransomware, including the administrative console. The post Ukrainian researcher leaked the source code of Conti Ransomware appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Passwords Archiving Communications

MontysThree threat actor targets Russian industrial organizations

Security Affairs

OCTOBER 8, 2020

The loader allows to deliver the main payload, experts noticed that it is hidden inside a self-extracting RAR archive. In order to trick the victims into opening it, the archive references phone lists, medical test results or technical documentation in order to convince the employees of the targeted organization to download the file.

Encryption

Encryption Archiving Communications Cloud

New ransomware group Hive leaks Altus group sample files

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Now, we have information that their data may have possibly been leaked by Hive – a new ransomware group. Altus Group has been informed about the new development. Pierluigi Paganini.

Ransomware

Ransomware File names Archiving Encryption

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

National Security Agency (NSA) Equation Group. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. . Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, backdoor).

Encryption

Encryption Military Archiving Government

More than 737 million medical radiological images found on open PACS servers

Security Affairs

SEPTEMBER 18, 2019

Greenbone Networks researchers analyzed about 2,300 Picture Archiving and Communication System (PACS) systems exposed online. PACS servers are used in the healthcare industry to archive images created by radiological processes and to make them available to medical staff for analysis and diagnosis. million patient records.

Archiving

Archiving Communications Access Phishing

French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data

Security Affairs

DECEMBER 1, 2020

An archive of 25,000+ partner and client organizations, such as pharmaceutical laboratories and pharmacies, serviced by the Apodis Pharma distribution platform. An archive of 25,000+ partner and client organizations, such as pharmaceutical laboratories and pharmacies, serviced by the Apodis Pharma distribution platform.

Healthcare

Healthcare Archiving Sales Access

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. ” GAP #1. 22, 2020, the U.S.

Ransomware

Ransomware Government Security IT

French daily Le Figaro leaks 7.4 Billion records

Security Affairs

MAY 2, 2020

French daily Le Figaro database accidentally exposed online, the archive included roughly 7.4 billion records containing personal information of employees and users. billion records containing personally identifiable information (PII) of employees, reporters, and at least 42,000 users. billion records.” billion records.”

Passwords

Passwords Archiving Phishing Access

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. report – CurKeep collects information about the infected machine. The backdoor uses HTTP for its communications. appeared first on Security Affairs. In turn, the C2 responds with strings of commands.

Government

Government IT Encryption Libraries

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Security Affairs

MARCH 6, 2024

s March 2nd update to analyze P2P communications related to leaked data and TOR network connections. In fact, the cybersecurity community often overlooks the fact that LockBit 3.0 was one of the first ransomware groups to start embedding leaked data into torrent files for download and uploading these archives to TOR.

Risk

Risk Ransomware Access Cybersecurity

Ursnif campaign targets Italy with a new infection Chain

Security Affairs

MARCH 17, 2020

An evidence about the presence of the malicious file hosted on the legit website is shown in the following figure: Figure 5: Communication with the DropUrl. The downloaded file, as previously mentioned, is a Self Extracting Archive (SFX/SEA). Sample information about the ursnif SFX Packer. The “plugin.rar” archive content.

Archiving

Archiving Passwords Encryption IT

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

Security experts from ESET uncovered a new sophisticated cyber-espionage campaign, dubbed “ Operation In(ter)recepti on ,” aimed at aerospace and military organizations in Europe and the Middle East. “a password-protected RAR archive containing a LNK file. Attackers used documents related to the job offer as a lure.

Military

Military Archiving Passwords Communications

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

The executable is a self-contained archive that once executed will extract two files. The experts noticed that the attachment was simply named “ ! to embassy kazakh 2022.exe exe ” and used the icon image associated with docx files. “During our investigation, we have identified multiple samples of new malware written in C++.

File names

File names Archiving Phishing Government

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as a first-stage malware. This variant uses 207[.]32.217.89

Manufacturing

Manufacturing File names Archiving Encryption

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The malware attempt to connect via SSH on Port 22 and deliver itself as a gzip archive. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. ” The expert discovered that the script executes init2, that is one of the files in the gzip archive, if the directory.

IoT

IoT Honeypots Libraries Archiving

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

.” As part of this campaign, state-sponsored hackers compromised the websites of the Embassy of Armenia in Russia, the Ministry of Nature Protection and Natural Resources of the Republic of Artsakh, the Armenian Institute of International and Security Affairs, and the Armenian Deposit Guarantee Fund. Pierluigi Paganini.

Archiving

Archiving Government Communications IT

Chinese MirrorFace APT group targets Japanese political entities

Security Affairs

DECEMBER 15, 2022

” One of the spear-phishing messages analyzed by the researchers posed as an official communication from the PR department of a specific Japanese political party. The attachment was a self-extracting WinRAR archive, upon opening it it will start LODEINFO infection. Pierluigi Paganini. SecurityAffairs – hacking, MirrorFace).

Phishing

Phishing Archiving Communications IT

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

The attack chain aims at distributing.RAR archive from the legitimate site file.io Last stagers use two communication mechanisms, over HTTP with RC4 encryption and unencrypted with named pipes. The post Malware campaign hides a shellcode into Windows event logs appeared first on Security Affairs. ” concludes the report.

Encryption

Encryption Libraries Archiving Communications

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, taking over systems used to manage security solutions. The threat actors deploy multiple backdoors on the target systems, experts believe the attackers used them to create redundant channels of communication. Pierluigi Paganini.

Encryption

Encryption Military Archiving Phishing

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

JULY 7, 2019

. “Here is what happens after the PE file is run (although the intermediate link does not necessarily have to be a PE file): Contact is made with the C2 server to download a ZIP archive with necessary dependencies and main Python script. The archive contents are extracted, without being saved to disk. Pierluigi Paganini.

Government

Government Computer and Electronics Archiving Phishing

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

Security Affairs

JULY 24, 2022

The attachment used in this campaign is an archive containing a Word document (missile.docx) and a Windows Shortcut file (_weapons.doc.lnk.lnk). At this point, C2 communications are once again established allowing the attackers to access the system. appeared first on Security Affairs. Pierluigi Paganini.

Archiving

Archiving Phishing Encryption Communications

IT Army of Ukraine gained access to a 1.5GB archive from Gazprom

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Trending Sources

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

Security Affairs newsletter Round 342

How to Mitigate Risks of Using Commercial Messaging Apps for Work-Related Communication

New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

DarkWatchman RAT uses Windows Registry fileless storage mechanism

Grandoreiro banking malware targets Mexico and Spain

China-linked APT Volt Typhoon targets critical infrastructure organizations

New PowerExchange Backdoor linked to an Iranian APT group

Iran-linked UNC3313 APT employed two custom backdoors against a Middle East gov entity

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Data protection strategy: Key components and best practices

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers

Samsung suffered a new data breach

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Russia behind a massive spear-phishing campaign that hit Ukraine

Russian Gamaredon APT continues to target Ukraine

New DDoS IRC Bot distributed through Korean webHard platforms

Monero Cryptocurrency campaign exploits ProxyLogon flaws

China-linked LuminousMoth APT targets entities from Southeast Asia

Ukrainian researcher leaked the source code of Conti Ransomware

MontysThree threat actor targets Russian industrial organizations

New ransomware group Hive leaks Altus group sample files

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

More than 737 million medical radiological images found on open PACS servers

French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data

Conti Ransomware Group Diaries, Part I: Evasion

French daily Le Figaro leaks 7.4 Billion records

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Ursnif campaign targets Italy with a new infection Chain

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

DownEx cyberespionage operation targets Central Asia

New RedLine malware version distributed as fake Omicron stat counter

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Russia-Linked Turla APT uses new malware in watering hole attacks

Chinese MirrorFace APT group targets Japanese political entities

Malware campaign hides a shellcode into Windows event logs

Chinese actors behind attacks on industrial enterprises and public institutions

Croatia government agencies targeted with news SilentTrinity malware

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

Stay Connected