Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label nation-state hackers. Show all posts
Zero-day Flaw
Malicious Files nation-state hackers Threat Landscape Vulnerabilities and Exploits Zero-day Flaw

Windows Shortcut Vulnerability Exploited by 11 State-Sponsored Outfits

 

Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries. 

Threat analysts from Trend Micro's Trend Zero Day Initiative (ZDI) discovered roughly 1,000 malicious.lnk files that exploited the flaw, known as ZDI-CAN-25373, which allowed cyber criminals to execute concealed malicious commands on a victim's PC via customised shortcut files.

“By exploiting this vulnerability, an attacker can prepare a malicious .lnk file for delivery to a victim,” researchers at Trend Micro noted. “Upon examining the file using the Windows-provided user interface, the victim will not be able to tell that the file contains any malicious content.”

The malicious files delivered by cybercriminals include a variety of payloads, including the Lumma infostealer and the Remcos remote access Trojan (RAT), which expose organisations to data theft and cyber espionage. 

State-sponsored outfits from North Korea, Iran, Russia, and China, as well as non-state actors, are among those behind the flaw attacks, which have affected organisations in the government, financial, telecommunications, military, and energy sectors across North America, Europe, Asia, South America, and Australia. 

Additionally, 45% of attacks were carried out by North Korean players, with Iran, Russia, and China each accounting for approximately 18%. Some of the groups listed as attackers are Evil Corp, Kimsuky, Bitter, and Mustang Panda, among others.

According to Trend Micro, Microsoft has not fixed the flaw despite receiving a proof-of-concept exploit through Trend ZDI's bug bounty program. Trend Micro did not react to a follow-up request for comment on their flaw detection and submission timeline.

Microsoft's position remains that it will not be fixing the vulnerability described by Trend Micro at this time because it "does not meet the bar for immediate servicing under our severity classification guidelines," though the company "will consider addressing it in a future feature release," according to an email from a Microsoft spokesperson.

Meanwhile, Microsoft Defender can detect and block threat behaviour, as detailed by Trend Micro, and Microsoft's Windows Smart App Control prevents malicious files from being downloaded from the internet. Furthermore, Windows recognises shortcut (.lnk) files as potentially malicious file types, and the system will automatically display a warning if a user attempts to download one.
Read more »
Threat Landscape
Cyber Attacks Endpoint Device Internet Routers nation-state hackers Threat Landscape

Hackers are Targeting Routers Across the Globe

 

When hackers identify an unsecured router, they penetrate it by installing malware that provides them persistence, the ability to launch distributed denial of service (DDoS) assaults, hide malicious data, and more. But what happens when the hackers discover a router that has already been infiltrated by a rival gang? 

Trend Micro cybersecurity researchers published a report that discovered one of two things: either one party allows the other to use the compromised infrastructure for a charge, or they both find a separate technique to break into the device and use it simultaneously. 

The researchers used Ubiquity's EdgeRouters as an example of internet routers that were exploited concurrently by a number of hacker groups, some of which were state-sponsored and others were financially motivated. 

“Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult,” the researchers stated. “This shared interest results in malicious internet traffic blending financial and espionage motives.” 

When it comes to Ubiquity, Trend Micro analysts reported that the APT28 criminal leveraged the endpoints for "persistent espionage campaigns." APT28 is a Russian state-sponsored outfit also known as Fancy Bear or Pawn Storm. At the same time, they discovered a financially motivated group known as the Canadian Pharmacy Gang, which used the same infrastructure to launch pharmaceutical-related phishing activities. Finally, they discovered the Ngioweb malware being loaded directly into the RAM of these devices, which was attributed to the Ramnit group.

The main reason EdgeRouters were so often targeted was that their victims either left them completely undefended or with only weak security. They don't stand out much from other routers, which are all equally desirable targets for hackers. Trend Micro found that this is due to the fact that they have less stringent password demands, are rarely updated, and operate on powerful operating systems that can be utilised for a variety of purposes.
Read more »
Washington DC
conservative think tank cyber attack Cyber Attacks cyber espionage Cybersecurity donor information Heritage Foundation Investigation nation-state hackers Politico Republican politics Washington DC

US Think Tank Struck by Cyberattack

 

The Heritage Foundation, a prominent conservative think tank based in Washington, DC, revealed on Friday that it had fallen victim to a cyberattack earlier in the week. The attack, which occurred amid ongoing efforts to mitigate its effects, left the organization grappling with uncertainties regarding potential data breaches. 

Although the exact extent of the breach remained unclear, the foundation took proactive measures by temporarily shutting down its network to prevent further infiltration while launching an investigation into the incident.

Initial reports of the cyberattack surfaced through Politico, citing a Heritage official who speculated that the perpetrators behind the attack could be nation-state hackers. However, no concrete evidence was provided to substantiate this claim. Despite inquiries, Heritage spokesperson Noah Weinrich refrained from offering comments, both on Thursday via email and when approached by TechCrunch on Friday.

Founded in 1973, the Heritage Foundation has emerged as a significant force in conservative advocacy and policymaking, exerting considerable influence within Republican circles. Yet, its prominence also renders it a prime target for cyber threats, with think tanks often serving as lucrative targets for cyber espionage due to their close ties to government entities and policymaking processes. 

This incident marks another instance in which Heritage has faced cyber adversity, reminiscent of a 2015 attack that resulted in the unauthorized access and theft of internal emails and sensitive donor information.
Read more »
Subscribe to: Posts (Atom)