Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

Credit to Author: Feike Hacquebord| Date: Tue, 30 May 2023 00:00:00 +0000

Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu’s motives seem to have changed since at least October 2022.

Read more

New Info Stealer Bandit Stealer Targets Browsers, Wallets

Credit to Author: Sarah Pearl Camiling| Date: Fri, 26 May 2023 00:00:00 +0000

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Read more

Rust-Based Info Stealers Abuse GitHub Codespaces

Credit to Author: Nitesh Surana| Date: Fri, 19 May 2023 00:00:00 +0000

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities.

Read more

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

Credit to Author: Fyodor Yarochkin| Date: Wed, 17 May 2023 00:00:00 +0000

An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.

Read more

8220 Gang Evolves With New Strategies

Credit to Author: Sunil Bharti| Date: Tue, 16 May 2023 00:00:00 +0000

We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability.

Read more

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules

Credit to Author: Jaromir Horejsi| Date: Mon, 15 May 2023 00:00:00 +0000

Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.

Read more