Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to « hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware, » the Microsoft Threat Intelligence team said in a series of posts on X […]
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. « This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities, » Palo Alto Networks Unit […]
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. « Dunaev developed browser modifications and malicious tools that aided in […]
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. « Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers, » Oslo-based mobile app
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through Gcore’s defenses, perpetrators made two attempts with two different strategies.
WhatsApp’s New Secret Code Feature Lets Users Protect Private Chats with Password
Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an « additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else. » Secret Code […]
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath […]
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st […]
JO 2024 : un kit ANSSI pour la gestion de crise cyber
Dans la lignée de son panorama de la menace cyber pour les JO 2024, l’ANSSI publie un kit d’exercices de gestion de crise.
Stress des RSSI : et si on commençait par dire CISO ?
Dans la continuité de son enquête sur le stress des RSSI, le Cesin en a étudié les causes et propose des pistes de résolution.