Lumen Black Lotus Labs has discovered a new Remote Access Trojan (RAT) called ZuoRAT, attacking remote workers’ routers in North America and Europe since 2020. The malware appeared in the first months of the COVID-19 pandemic but remained unnoticed for more than two years. The researchers write that the complexity of this targeted campaign, as… Continue reading ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers
Tag: Cobalt Strike
Chinese Hackers Use Ransomware As a Cover for Espionage
Secureworks experts have found that Chinese hackers from two groups that specialize in espionage and theft of intellectual property from Japanese and Western companies use ransomware to hide their actions. Let me remind you that we also wrote that Chinese Hacker Group Revealed after a Decade of Undetected Espionage, and also that Chinese Hackers Attack… Continue reading Chinese Hackers Use Ransomware As a Cover for Espionage
Russian Hackers Use Follina Vulnerability to Attack Users in Ukraine
The Ukraine Computer Emergency Response Team (CERT-UA) said Russian hackers are exploiting the Follina vulnerability in new phishing campaigns to install CredoMap malware and Cobalt Strike beacons. According to experts, the APT28 hacker group (Strontium, Fancy Bear and Sofacy) sends out emails with a malicious document called “Nuclear Terrorism Is a Real Threat.rtf”. The hackers… Continue reading Russian Hackers Use Follina Vulnerability to Attack Users in Ukraine
A WSO2 Vulnerability is Fraught with Remote Code Execution
The products by WSO2, an open-source API, applications, and web services provider, have been attacked in the wild through the CVE-2022-29464 vulnerability detected back in April 2022. This vulnerability allows attackers to execute malicious code remotely via unhindered file uploading. The scheme of the attack begins with web shell installation through *.jsp or *.war files… Continue reading A WSO2 Vulnerability is Fraught with Remote Code Execution
Fake Exploits Used to Deliver Cobalt Strike Beacons
Cyble experts have warned that cybercriminals are attacking IS researchers, distributing malware under the guise of exploits for Windows, which eventually installs Cobalt Strike beacons on the experts’ machines. Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons. Cyble analysts report that malware disguised as PoC exploits for a… Continue reading Fake Exploits Used to Deliver Cobalt Strike Beacons
Cybersecurity Experts Analyzed the Methods of a Group of Russian Hackers Wizard Spider
Information security specialists from PRODAFT have published the results of an investigation into the Wizard Spider group, which is allegedly associated with the Grim Spider and Lunar Spider hacker groups. The Wizard Spider group, possibly of Russian origin, manages an infrastructure of “a complex set of sub-commands and groups, controls a huge number of hacked… Continue reading Cybersecurity Experts Analyzed the Methods of a Group of Russian Hackers Wizard Spider
Experts are already fixing attacks on the Log4Shell vulnerability
Security researchers are already scanning the network looking for products affected by a dangerous bug in the Log4j library and are fixing the results of cybercriminals’ attacks on a Log4Shell vulnerability. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, etc. An issue in the popular Log4j logging library included in the… Continue reading Experts are already fixing attacks on the Log4Shell vulnerability
Emotet now installs Cobalt Strike beacons
The researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, providing immediate access to the network for attackers. Those can use it for lateral movement, which will greatly facilitate extortion attacks. Let me remind you that usually Emotet installs TrickBot or Qbot malware on the victim’s machines, and that one already… Continue reading Emotet now installs Cobalt Strike beacons