Tag Archive for: Deploying

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware


Jul 18, 2023 | THN | Malware / Cyber Attack


An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that’s commonly associated with Chinese hacking crews.

Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and September 2022.

The cybersecurity company said the incident could be the result of a supply-chain attack, in which a legitimate piece of software used by targets of interest is trojanized to deploy malware capable of gathering sensitive information from compromised systems.

The attack chain takes the form of a malicious installer for E-Office, an application developed by the National Information Technology Board (NITB) of Pakistan to help government departments go paperless.

It’s currently not clear how the backdoored E-Office installer was delivered to the targets. That said, there’s no evidence to date that the build environment of the Pakistani government agency in question has been compromised.

This raises the possibility that the threat actor obtained the legitimate installer, tampered with it to include the malware, and then lured victims into running the trojanized version through social engineering.

“Three files were added to the legitimate MSI installer: Telerik.Windows.Data.Validation.dll, mscoree.dll, and mscoree.dll.dat,” Trend Micro researcher Daniel Lunghi said in an updated analysis published today.

Telerik.Windows.Data.Validation.dll is in fact a legitimate, Microsoft-signed applaunch.exe that has been renamed. That binary is vulnerable to DLL side-loading: it picks up the rogue mscoree.dll placed beside it, which in turn loads mscoree.dll.dat, the ShadowPad payload. Because the file that starts the chain carries a valid Microsoft signature, a signature check on it alone passes; the tell is the unexpected mscoree.dll and data blob shipped next to it.
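The loading chain described above can be caught with static checks on the installer's contents, before the payload is ever decrypted. The following Python is an added example, not Trend Micro's tooling and not code from the article: it diffs a suspect file manifest against a known-good one, flags a well-known system DLL name shipped in the application directory, flags a `.dll.dat` data blob, and flags a file with a `.dll` extension whose PE header lacks the DLL flag (a renamed executable, as applaunch.exe is here). The manifests, the placeholder file names other than the three Trend Micro reported, the short system-DLL list and the minimal PE headers are all constructed for the example; against a real installer you would feed it the files extracted from the MSI.

```python
import struct
from typing import Dict, List, Optional, Set, Tuple

# DLL names Windows normally resolves from System32. A copy of one of these
# sitting next to an application binary is the classic side-loading setup.
# Constructed, deliberately short list for the example.
KNOWN_SYSTEM_DLLS = {"mscoree.dll", "version.dll", "dbghelp.dll", "wininet.dll"}

IMAGE_FILE_DLL = 0x2000  # IMAGE_FILE_HEADER.Characteristics flag


def pe_is_dll(data: bytes) -> Optional[bool]:
    """True if the PE image carries the DLL flag, False if it is an EXE,
    None if the bytes are not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # IMAGE_NT_HEADERS: 4-byte "PE\0\0" signature, then the 20-byte file header;
    # Characteristics is the last WORD of the file header (offset 18).
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return bool(characteristics & IMAGE_FILE_DLL)


def diff_manifests(known_good: Set[str], suspect: Set[str]) -> Set[str]:
    """Paths present in the suspect installer but absent from the known-good one."""
    return suspect - known_good


def find_sideload_indicators(files: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """files maps a relative path inside the installer to that file's bytes.
    Returns (path, reason) pairs for the three patterns seen in the E-Office case."""
    findings = []
    for path, data in files.items():
        name = path.rsplit("/", 1)[-1].lower()
        if name.endswith(".dll.dat"):
            findings.append((path, "data blob named after a DLL (likely encrypted payload)"))
            continue
        if name in KNOWN_SYSTEM_DLLS:
            findings.append((path, "system DLL name shipped beside the application (side-load candidate)"))
        if name.endswith(".dll") and pe_is_dll(data) is False:
            findings.append((path, "extension says DLL but PE header says EXE (renamed executable)"))
    return findings


def make_pe(is_dll: bool) -> bytes:
    """Constructed minimal header (MZ stub, PE signature, file header) for the
    example; it is not a loadable image."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, plus the DLL bit if requested
    chars = 0x0002 | 0x0100 | (IMAGE_FILE_DLL if is_dll else 0)
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + file_header


# Constructed manifests with placeholder names; only the three added files
# reproduce the names Trend Micro reported.
KNOWN_GOOD_MANIFEST = {"app/EOffice.exe", "app/settings.xml"}
SUSPECT_FILES = {
    "app/EOffice.exe": make_pe(is_dll=False),
    "app/settings.xml": b"<settings/>",
    "app/Telerik.Windows.Data.Validation.dll": make_pe(is_dll=False),  # renamed EXE
    "app/mscoree.dll": make_pe(is_dll=True),                            # rogue loader
    "app/mscoree.dll.dat": b"\x8f\x11\x03\xa9" * 8,                      # opaque blob
}

if __name__ == "__main__":
    for path in sorted(diff_manifests(KNOWN_GOOD_MANIFEST, set(SUSPECT_FILES))):
        print("added:", path)
    for path, reason in find_sideload_indicators(SUSPECT_FILES):
        print("flag: ", path, "-", reason)
```

The manifest diff is the strongest of the three checks when a clean copy of the installer is available; the header check is the one that survives without it, since renaming applaunch.exe does not touch the Characteristics field, and it is cheap to run over every `.dll` in a package.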

Trend Micro said the obfuscation techniques used to conceal the loader DLL and the decrypted final-stage malware are an evolution of an approach previously exposed by Positive Technologies in January 2021 in connection with a Chinese cyber espionage campaign undertaken by the Winnti group (aka APT41).


FEMA deploying over 2,000 employees as Ida carves destructive path



  • More than 2,400 FEMA employees are in place to help citizens in Louisiana, Alabama, Mississippi and other states in the path of Hurricane Ida. In preparation for recovery from the Category 4 storm, FEMA has staged more than 2.5 million meals, 3.1 million liters of water, 76,000 tarps and 64 generators. The agency's Mobile Emergency Response Support assets are also deploying Emergency Operations Vehicles to support Louisiana and Mississippi. Alongside FEMA, a U.S. Army Corps of Engineers power restoration team and its planning and response teams for debris, temporary roofing, infrastructure assessment, temporary housing and temporary power are in place to help with recovery operations.
  • The Army is adding fresh help in the battle against California wildfires. Some 200 active-duty soldiers will help out in Northern California, with operational command coming from Northern Command's Joint Force Land Component. The soldiers will arrive at the request of the National Interagency Fire Center. They will help with efforts to quell the Dixie fire, which encompasses two national parks and a national forest. The soldiers will receive their gear and start training today. The Air Force has provided eight C-130 aircraft fitted with fire suppression systems.
  • The military services would establish special victims prosecutors for sexual crimes under a House version of the annual defense bill. The House Armed Services Committee’s “chairman’s mark” would reform the Uniform Code of Military Justice to address sexual assaults in the military. The bill would also reallocate most of the $3.3 billion that was originally earmarked for the Afghan Security Forces Fund. The committee will mark up the bill this week, with a flurry of amendments and lengthy debate expected during the meeting. (Federal News Network)
  • It’s official — President Joe Biden intends to give federal employees an average 2.7% pay raise…


Threat Actors Offer $1M to Employees for Deploying Ransomware


Researchers at Abnormal Security have spotted and thwarted a number of attempts earlier this month to solicit some of their customers’ employees to install DemonWare ransomware for $1 million in bitcoin. The threat actors responsible for the attempted attack said they are linked to the DemonWare ransomware group, also known as Black Kingdom or DEMON.

“On August 12, 2021, we identified and blocked a number of emails sent to Abnormal Security customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ networks with ransomware,” wrote Crane Hassold in a blog.

In this email campaign, employees received a message telling them that if they could deploy ransomware on a company computer or Windows server, they would be paid $1 million in bitcoin, described as 40% of the $2.5 million ransom the attackers intended to demand.

The email added that the ransomware could be launched physically or remotely and provided two methods to contact the threat actors: An Outlook email account and a Telegram username.
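A lure like this is hard to catch on one keyword: "bitcoin", "install" and a Telegram handle each appear in legitimate mail. What distinguishes it is the co-occurrence of a payment offer, an instruction to run something on company systems, and an out-of-band contact channel. The following Python is an added example, not Abnormal Security's detection logic and not code from the post: it flags a message only when all three indicator groups match and extracts the contact handles as indicators for blocking or reporting. The three message bodies, the handle and the addresses are constructed for the example, and the free-mail domain list and regexes are assumptions to be tuned for real traffic.

```python
import re
from typing import Dict, List

# Indicator group 1: an offer of payment, especially in cryptocurrency.
PAYMENT = re.compile(
    r"\b(?:bitcoin|btc|crypto(?:currency)?)\b|\$\s?\d[\d,.]*\s?(?:million|m)\b", re.I
)
# Indicator group 2: an instruction to run, install or deploy something on
# company systems (re.S lets the two halves sit in different sentences).
ACTION = re.compile(
    r"\b(?:ransomware|encrypt(?:ing)?|install|deploy|launch)\b.*?"
    r"\b(?:server|computer|network|workstation)\b",
    re.I | re.S,
)
# Indicator group 3: an out-of-band contact channel, i.e. a Telegram handle
# or a free-mail address. Constructed, short domain list for the example.
CONTACT = re.compile(
    r"(?:t\.me/|telegram[:\s]+@?)(?P<tg>[A-Za-z0-9_]{5,})"
    r"|(?P<mail>[\w.+-]+@(?:outlook|hotmail|protonmail|gmail)\.com)",
    re.I,
)


def triage_solicitation(body: str) -> Dict[str, object]:
    """Score one message body. The flag is set only when a payment offer,
    an action on company systems and an external contact channel all appear;
    the contact handles are returned regardless so analysts can pivot on them."""
    contacts: List[str] = []
    for m in CONTACT.finditer(body):
        if m.group("tg"):
            contacts.append("telegram:" + m.group("tg"))
        else:
            contacts.append("email:" + m.group("mail"))
    flagged = bool(PAYMENT.search(body) and ACTION.search(body) and contacts)
    return {"flag": flagged, "contacts": contacts}


# Constructed sample messages; the handle and addresses are placeholders.
LURE_SAMPLE = (
    "Hello, I represent the DemonWare ransomware group. If you can install our "
    "ransomware on your company's Windows server or any computer, physically or "
    "remotely, we will pay you $1 million in bitcoin (40% of the ransom). "
    "Contact me on Telegram @example_handle or at ops.example@outlook.com"
)
BENIGN_INVOICE = (
    "Reminder: the Q3 invoice of $1.2 million is due Friday; we also accept "
    "bitcoin. Questions to billing@corp-example.com"
)
BENIGN_IT_NOTICE = (
    "IT will install the patch on the file server tonight. Questions? Message "
    "the helpdesk on Telegram @corp_helpdesk."
)

if __name__ == "__main__":
    for label, body in [("lure", LURE_SAMPLE), ("invoice", BENIGN_INVOICE),
                        ("it-notice", BENIGN_IT_NOTICE)]:
        print(label, triage_solicitation(body))
```

The invoice trips only the payment group and the IT notice only the action and contact groups, so neither is flagged; the lure trips all three. In production the contact strings would be fed to a block list and the flag would route the message to a reporting workflow rather than a silent drop, since the employee who received it is the best witness to the attempt.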

DemonWare is a Nigeria-based ransomware group that has been operating for a few years and was most recently seen exploiting the ProxyLogon set of vulnerabilities in Microsoft Exchange Server.

Ransomware attacks are common. Just last July, a colossal ransomware attack hit hundreds of businesses in 17 countries. The question then becomes: should companies pay up to deal with these attacks?

A study found that over half of ransomware victims paid the ransom to restore their data. The reasons for paying the ransom were many, with one of the main ones being that access to data is of crucial importance and cannot be risked.

Luckily, in this case, the attack was thwarted before it even began, allowing the targeted businesses to keep their money where it belongs: in their own accounts.