Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names 137

File names Financial Services Manufacturing Libraries 137

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware 144

Ransomware Encryption File names Passwords 144

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. similarities in jumps based on BinDiff, a comparison tool for binary files.”

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

Security Affairs

MARCH 26, 2021

Experts discovered that threat actors targeted a large US transportation & logistics organization, a large US consumer products organization, and a global manufacturing organization. “In addition to data theft, actors deploy Hades ransomware to encrypt files identified on the victim network. ” concludes the report.

Ransomware 143

Ransomware Encryption File names Manufacturing 143

Security Affairs

JANUARY 28, 2020

Like other ransomware, upon execution Snake will remove the computer’s Shadow Volume Copies, it also kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. a file named invoice.doc is encrypted and renamed like invoice.docIksrt.

Ransomware 97

Ransomware Energy and Utilities Manufacturing Encryption 97

Security Affairs

JUNE 5, 2020

One of them is Netwire ( MITRE S0198 ), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups at least since 2012. The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming.

Manufacturing 99

Manufacturing File names IT Libraries 99

Security Affairs

APRIL 28, 2020

Once the machine is fully compromised, the attacker will install a complete hacking suite, composed of an IRC bot, an SSH scanner, a bruteforce tool, and an XMRIG crypto-miner. When the machine is completely infected, the installed files are the following: Figure 2: Directory listing. The initial script is the file named “ a ”.

Mining 104

Mining File names Honeypots IT 104