Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments
The Justice Department announced today that, as part of an international law enforcement effort, federal authorities in Boston seized internet domains that were used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers. Federal authorities in Atlanta and Boston also unsealed indictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the malware and supporting cybercriminals seeking to use the malware for malicious purposes.
BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybe...
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.
A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of…
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Threat actor RomCom RAT is now targeting Ukrainian military institutions. Known to deploy spoofed versions of popular software Advanced IP Scanner, once exposed, RomCom RAT switched to PDF Filler, another popular application, which indicates the group behind it is actively developing new capabilities.
CISA analyzed 4 files associated with HyperBro malware. The files creates a backdoor program that is capable of uploading and downloading files to and from the system. The RAT is also capable of logging keystrokes and executing commands on the system.
Webworm: Espionage Attackers Testing and Using Older Modified RATs
The attackers are working on a number of malware threats, some of which have been used in attacks while others are in pre-deployment or testing stages. Symantec, by Broadcom Software, has gained insight into the current activities of a group we call Webworm. The group has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. At least one of the indicators of compromise (IOCs) observed by Symantec was used in an attack against an IT service provider operating in multiple Asian countries, while others appear to be in pre-deployment or testing stages.
New Wave of Espionage Activity Targets Asian Governments
Governments and state-owned organizations are the latest targets of a well-established threat actor. A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.
MagicRAT: Lazarus’ latest gateway into victim networks
Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. * Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. * We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. * TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.