Cyber News

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. The modular payload can handle C2 communications, perform system enumeration, and eventually receive, decrypt, and load additional modules. Read more >>>

A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. RedLine is a widespread commodity malware sold to cyber-criminals for a couple of hundred USD. It supplies dark web markets with over half of the stolen user credentials sold to other threat actors. Read more >>>

The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email, impersonating FBI warnings that the recipients' network was breached and data was stolen. The emails pretended to warn about a "sophisticated chain attack" from an advanced threat actor known, who they identify as Vinny Troia. Troia is the head of security research of the dark web intelligence companies NightLion and Shadowbyte. Read more >>>

A new phishing campaign targets employees in financial services using links that download a 'weaponized' Excel document. The phishing campaign, dubbed MirrorBlast, was detected by security firm ET Labs in early September. The Excel files could bypass malware-detection systems because they contain "extremely lightweight" embedded macros, making them "particularly dangerous" for organizations dependent on detection-based security and sandboxing. Read more >>>

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) published a joint advisory providing details about the BlackMatter ransomware operations and defense recommendations. The advisory includes tactics, techniques, and procedures (TTPs) the group uses and detailed analysis on the variant. Read more >>>