For the last week of 2024, DarkOwl analysts highlight:
🧩 Malvertising Campaign Distributes Lumma Malware Via Fake CAPTCHAs
🐁 FBI Warns of HiatusRAT Malware Attacks Targeting Web Cameras and DVRs
🚨 DOJ Announces Seizure of Rydox and Arrest of Administrators
🇮🇷 Iran-Affiliated Threat Actors Target U.S. and Israel with IOCONTROL Malware
#threatintelligence #cybernews #OSINT
DarkOwl’s Post
More Relevant Posts
-
Gamaredon, a Russia-linked hacking group, is now targeting mobile devices with two new spyware tools, BoneSpy and PlainGnome. These tools can steal SMS, call logs, location, and even camera photos, focusing on victims in former Soviet states. Find details here: https://lnkd.in/gCk-Zf85
Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States
thehackernews.com
-
Wowwww. A Russian Hacker Group called APT28 (known as “Fancy Bear,” “Fighting Ursa,” or “Sofacy”) launched a malware named HeadLace via fake luxury car ads to target diplomats. They used cars like Audi Q7 & Quattro. A Threat Intelligence team at Palo Alto discovered and revealed that APT28 was exploring free and public services to carry out their attack, like Webhook.site, which is used to create URLs. Once the ad is clicked, the hackers could send a malicious HTML file that uses a multi-stage infection process. If the system the user is using is not a Windows machine, the website redirects it to a decoy image hosted on something called ImgBB.
Russian Hacker Group APT28 Launches HeadLace Malware via Fake Car Ads to Target Diplomats
thecyberexpress.com
-
[#Blog] In this blog post, Volexity analyzes #DISGOMOJI 🔥, Discord-based malware 💀 using emojis for command and control (C2). #DISGOMOJI is used by #UTA0137, a suspected Pakistan-based threat actor. Read the full analysis here: https://lnkd.in/e29aQiZ2 #dfir #threatintel
DISGOMOJI Malware Used to Target Indian Government
https://www.volexity.com
-
Another excellent article from the Volexity threat team to my former Indian colleagues and friends. Make sure you invest in proper #nsm and #memoryforensic controls to close endpoint visibility gaps. And last but not least, have a proper #threatintel provider.
[#Blog] In this blog post, Volexity analyzes #DISGOMOJI 🔥, Discord-based malware 💀 using emojis for command and control (C2). #DISGOMOJI is used by #UTA0137, a suspected Pakistan-based threat actor. Read the full analysis here: https://lnkd.in/e29aQiZ2 #dfir #threatintel
DISGOMOJI Malware Used to Target Indian Government
https://www.volexity.com
-
#cyber In case you weren't anxious already... Commercial spyware vendors such as NSO Group, Intellexa, Candiru, and Cy4Gate were the most productive in discovering new exploits to target users on Android, iOS, and browsers on various machines. Google believes in expanding sanctions and restrictions on such companies. Last year, Google observed 97 zero-day vulnerabilities exploited in the wild, over 50 percent more compared to 2022, when 62 vulnerabilities were discovered. The newly discovered zero-days number is not far from the record achieved in 2021 when 106 zero-days roamed the web. And state-sponsored threat actors from China, North Korea, and Russia are now overshadowed by commercial companies that focus on spying. Commercial spyware vendors were behind 75% of known zero-day exploits targeting devices or products from Google and Android, and most of them were also selling spyware capabilities to government customers, according to a combined analysis by Google’s Threat Analysis Group (TAG) and Mandiant. In total, 41.4% of all zero-day exploits were attributed to the so-called commercial surveillance vendors that sell or rent spyware. All government-sponsored cyber actors also had a 41.4% combined share, with the rest of zero-days going to financially motivated hackers.
SPYING IS MY BUSINESS. AND BUSINESS IS GOOD: State-sponsored threat actors from China, North Korea, and Russia are now overshadowed by "commercial companies that focus on spying." Commercial spyware vendors were behind 75% of known zero-day exploits targeting devices from Google and Android. And most of them were also selling #spyware capabilities to government customers/clients. “The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices." By doing so, CSVs are enabling the proliferation of dangerous hacking tools. While prominent spyware vendors like NSO Group grab attention in media headlines, "dozens of smaller spyware vendors operate in the shadows." https://lnkd.in/guJaumvM #auguryit #cysec
Spyware vendors outpace state-sponsored actors in zero-day exploits | Cybernews
cybernews.com
-
An analysis of #cyberattack: Turla Hackers Weaponizing LNK-Files. Turla hackers have targeted Philippine companies and organizations, and to do so, they utilize a hacked media website to distribute malicious code. https://lnkd.in/dftyh8Tu #cybernews #cybercrime #cyneintelligence #cyberthreat #cyneractors
Turla Hackers Weaponizing LNK-Files To Deploy Fileless Malware
https://gbhackers.com
-
In recent years, elite commercial spyware vendors like Intellexa and NSO Group have developed an array of powerful hacking tools that exploit rare and unpatched “zero-day” software vulnerabilities to compromise victim devices. And increasingly, governments around the world have emerged as the prime customers for these tools, compromising the smartphones of opposition leaders, journalists, activists, lawyers, and others. On Thursday, though, Google's Threat Analysis Group is publishing findings about a series of recent hacking campaigns—seemingly carried out by Russia's notorious APT29 Cozy Bear gang—that incorporate exploits very similar to ones developed by Intellexa and NSO Group into ongoing espionage activity. https://lnkd.in/dNJzsJUu
Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
wired.com
-
The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. https://lnkd.in/eZ_T-Dc8
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
bleepingcomputer.com