Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]
Unit 42 Says Iranian Operators Target Aerospace and Government StaffPalo Alto Networks' Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks.
Hacking Group Deploys Raft of Custom Malware VariantsAn Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps.
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East
Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors.…
Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers
The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.
The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent
A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. [...]
A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. [...]
Also: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send MalwareThis week, Russia suspected in Balctic Sea cable sabotage, VPNs draw ransomware attackers and Swiss snail mail malware. An AI training company reported a cybertheft of $250,000 and a U.S. space firm reported a breach. Microsoft said it will pay $$$ for AI vulnerabilities and a MFA success story.
Tehran Baits Aerospace Sector into Downloading Malware With Fake Job OffersIranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It's possible that Pyongyang shared its attack methods and tools.
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023
The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware
BAE Systems Among Companies in the Sights of North Korean Cyberespionage GroupA North Korean cyberespionage group is posing as job recruiters and targeting aerospace and energy sector employees with lucrative job offers, according to Mandiant. The hackers use email and WhatsApp messages to lure victims into clicking a link that deploys backdoor malware onto their devices.
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. [...]
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust
Like antivirus software, vulnerability scans rely on a database of known weaknesses