Tag Archive for: Carrying

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise


Apr 08, 2023 – Ravie Lakshmanan – Cyber War / Cyber Threat


The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.

That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084.

“While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation,” the tech giant revealed Friday.

MuddyWater is the name assigned to an Iran-based actor that the U.S. government has publicly connected to the country’s Ministry of Intelligence and Security (MOIS). It’s been known to be active since at least 2017.

It’s also tracked by the cybersecurity community under various names, including Boggy Serpens, Cobalt Ulster, Earth Vetala, ITG17, Mercury, Seedworm, Static Kitten, TEMP.Zagros, and Yellow Nix.

Attacks mounted by the group have primarily singled out Middle Eastern nations, with intrusions observed over the past year leveraging the Log4Shell flaw to breach Israeli entities.

The latest findings from Microsoft reveal that the threat actor probably worked together with DEV-1084 to pull off the attack; the latter conducted the destructive actions after MuddyWater had successfully gained a foothold in the target environment.

“Mercury likely exploited known vulnerabilities in unpatched applications for initial access before handing off access to DEV-1084 to perform extensive reconnaissance and discovery, establish persistence, and move laterally throughout the network, oftentimes waiting weeks and sometimes months before progressing to the next stage,” Microsoft said.

In the activity detected by Redmond, DEV-1084 subsequently abused highly privileged compromised credentials to encrypt on-premises devices and to carry out large-scale deletion of cloud resources, including server farms, virtual machines, storage accounts, and virtual networks.

Furthermore, the threat actors gained full access…


Minecraft Modpacks Carrying Malware Returned to the Play Store Under New Names| TechNadu


  • The authors of adware-ridden Minecraft modpack apps have found a way into the Play Store again.
  • The apps now use an extra module that adds more functions like opening app pages or YouTube videos.
  • Keeping malware outside the Play Store is practically impossible, so users are advised to pick their apps carefully.

Back in November 2020, Kaspersky discovered several fake Minecraft “modpack” apps on the Play Store whose sole purpose was to infect unsuspecting users with adware. After the apps were reported to Google and quickly removed, their authors had to go back to the drawing board, and according to Kaspersky’s latest report, they did. The malware-ridden apps have returned to the Google Play Store, albeit under new names and themes, and with some additional hiding tricks up their sleeve.

More specifically, Kaspersky took another look at the currently available Minecraft modpack apps and was not surprised to find that many of them were again adware. The addition this time comes in the form of an extra module fetched by the apps after installation, enabling them to carry out more functions. These include hiding their icons, launching the browser, playing YouTube videos, opening Google Play app pages, and more.

Of course, the apps download this module only after installation, both to evade rejection during Play Store review and to obtain risky permissions from the user first. As such, this is yet another reminder to pay attention to what is requested of you on the permissions prompt and not simply approve anything that is thrown at you.

Source: Kaspersky

In addition to the Minecraft mods, which appear to be a fairly risky category, Kaspersky mentions an app named “File Recovery – Recover Deleted Files” v1.1.0, which carries the same adware. The app was available on the Play Store until late February 2021, so there is a good chance that a significant number of Android devices still have it installed. After its removal at that point, the developers uploaded a clean version, 1.1.1, which is not dangerous to use.

More recent examples come in the form of fake Madgicx and fake TikTok ad-management apps, which are essentially just phishing for Facebook accounts…


Why it’s worth carrying more than one gadget – Popular Science


From gaming on the go to reading e-books without eye strain, your phone isn’t always the only gadget you should pack.


Chinese government carrying out global cyberwarfare campaign, UK says – The Independent

  1. Chinese government carrying out global cyberwarfare campaign, UK says  The Independent
  2. West accuses China of carrying out ‘malicious’ cyber warfare campaign  The National
  3. US and UK accuse China of cyber espionage campaign  Financial Times
  4. US Indicts Two Chinese Nationals For Massive Hacking  The Epoch Times
  5. Chinese hacking ‘no surprise’ – Andrew Little  Radio New Zealand
