Every week, our experts select relevant news from the cybersecurity industry. Over the last two weeks, we saw “New HiatusRAT Router Malware”, “#StopRansomware: Royal Ransomware” and much more.
For more articles, check out our #onpatrol4malware blog.
Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities
Source: Check Point Research
In 2021, Check Point Research published a report on a previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.
MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground With Qt and MQTT
Source: WeLiveSecurity
ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol.
#StopRansomware: Royal Ransomware
Source: CISA
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as January 2023.
BlackLotus UEFI bootkit: Myth confirmed
Source: WeLiveSecurity
UEFI bootkits are very powerful threats, having full control over the OS boot process and thus capable of disabling various OS security mechanisms and deploying their own kernel-mode or user-mode payloads in early OS startup stages.
Prometei Botnet Improves Modules and Exhibits New Capabilities in Recent Updates
Source: CISA
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.
New HiatusRAT Router Malware Covertly Spies on Victims
Source: Lumen
Just nine months after discovering ZuoRAT, a novel malware targeting small office/home office (SOHO) routers, Lumen Black Lotus Labs® identified another, never-before-seen campaign involving compromised routers.