COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.
·mandiant.com·
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.
·mandiant.com·
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant
Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions:
1) Maintain persistent administrative access to the hypervisor
2) Send commands to the hypervisor that will be routed to the guest VM for execution
3) Transfer files between the ESXi hypervisor and guest machines running beneath it
4) Tamper with logging services on the hypervisor
·mandiant.com·
China-backed APT41 compromised ‘at least’ six US state governments
The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybersecurity giant Mandiant. The group — seemingly undeterred by U.S. indictments against five APT41 members in 2020 — conducted a months-long campaign during which it targeted and successfully breached […]
·techcrunch.com·