StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure

StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure

Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections ... Read More
SSH-Targeting Golang Bots Becoming the New Norm

SSH-Targeting Golang Bots Becoming the New Norm

Bitdefender researchers have recently found an increasing number of SSH-targeting bots written in Golang. Traditionally, popular malware is written in C, C++ and Perl, and it’s rare that we see attackers creating new malware or bots from scratch, especially using a different programming language. Customizing existing code and botnets is ... Read More

Half of Security Professionals Had No Contingency Plan in Place for COVID-19

|
Security has been a huge concern for both businesses and individuals as many employees continue to work from home, with many woefully under prepared for the impact that COVID-19 has had. In fact, new research by Bitdefender found half of infosec professionals (50%) didn’t have a contingency plan in place ... Read More
Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA

Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA

An advanced Russian government cyber-espionage unit has been exploiting a known Exim email server vulnerability since August 2019, according to an NSA security alert. The NSA said the Russian hackers are part of the GRU Main Center for Special Technologies (GTsST), field post number 74455, and it believes the group ... Read More
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Bitdefender researchers have found attacks conducted by the Chafer APT threat group – known to have an apparent Iranian link – in the Middle East region, dating back to 2018. The campaigns were based on several tools, including “living off the land” tools, which makes attribution difficult, as well as ... Read More
Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic

Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic

With healthcare systems under constant strain amid the SARS-CoV-2 global pandemic, hospitals and healthcare facilities around the world have also been hit by a wave of cyberattacks, including ransomware attacks. While officials have already issued warnings that hospitals, governments and universities may be more conscious about losing data and access ... Read More
Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate

Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate

A group of sophisticated threat actors known as OceanLotus or PhantomLance has recently become known for disseminating advanced Android threats via official and third-party marketplaces since 2014. They have sought to remotely control infected devices, steal confidential data, install applications and launch arbitrary code. While security researchers have recently documented ... Read More
Coronavirus-themed Threat Reports Haven’t Flattened The Curve

Coronavirus-themed Threat Reports Haven’t Flattened The Curve

With the Coronavirus pandemic still going strong, cybercriminals have continued leveraging this crisis by pushing threats designed to compromise victims’ data and security. If during mid-March we’d already seen a five-fold increase in Coronavirus-related threats, recent telemetry shows that cybercriminals have not backed down on their campaigns. If anything, the ... Read More
Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal

Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal

Bitdefender researchers have recently found spearphishing campaigns, either impersonating a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan. The impersonated engineering contractor (Enppi – Engineering for Petroleum and Process Industries) has experience in onshore and offshore projects in oil and gas, with attackers abusing ... Read More
New dark_nexus IoT Botnet Puts Others to Shame

New dark_nexus IoT Botnet Puts Others to Shame

Bitdefender researchers have recently found a new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen. We named the botnet “dark_nexus” based on a string it prints in its banner. In one of its earliest versions, it used this name ... Read More