With almost everything now done online, cybercriminals have developed the Baka skimmer to pursue their goals. The Baka skimmer has a sophisticated design intended to evade detection by security tools. Read more about it and the latest cybersecurity news in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
Malware Used by Lazarus after Network Intrusion
Source: JPCERT
An attack activity by Lazarus (also known as Hidden Cobra) has been observed targeting Japanese organisations. Different types of malware are used during and after the intrusion. Read more.
Attackers abuse Google DNS over HTTPS to download malware
Source: Bleeping Computer
Hackers were reported to be hiding malware in fake Windows error logs. After gaining access to a Windows system and achieving persistence, the malware would read from a “.chk” file that impersonated event logs. Read more.
OpBlueRaven: Unveiling Fin7/Carbanak – Part II : BadUSB Attacks
Source: Threat Intelligence
This article aims to provide its readers with the details of the PTI team’s latest operation against different threat actors who have been found to be working in cooperation with the notorious Fin7 APT group. Read more.
Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
Source: Proofpoint
The campaigns have been attributed to the APT actor TA413, which has previously been documented in association with ExileRAT. Read more.
Commodified Cybercrime Infrastructure
Source: Trend Micro
The provision of services, as well as the way criminals operate in the underground, has gone through many changes over the years to cater to the market’s different infrastructure demands. Read more.
Binding Operational Directive 20-01
Source: cyber.dhs.gov
A binding operational directive is a compulsory direction to federal, executive branch departments and agencies for the purpose of safeguarding federal information and information systems. Read more.
IQ-FA008: QBot OOXML
Source: Inquest
This Flash Alert examines a single instance from a set of over 1000 related malicious document carriers that deliver QBot. This breakdown of some of their characteristics will hopefully help with mitigation efforts. Read more.
Salfram: Robbing the place without removing your name tag
Source: Talos
Ongoing campaigns are distributing various malware families using the same crypter. This crypting mechanism contains an easy-to-detect flaw: the presence of a specific string value, “Salfram”, makes it easy to track over time. Read more.
No Rest for the Wicked: Evilnum Unleashes PyVil RAT
Source: cybereason
Evilnum’s activity has been varied, with recent reports describing different components written in JavaScript and C# as well as tools bought from the Malware-as-a-Service provider Golden Chickens. Read more.
BEC Scam Losses Surge as the Number of Attacks Diminish
Source: Bank Info Security
The average amount stolen in a business email compromise scam increased 48% during the second quarter of 2020, even though the number of attack incidents decreased during that period. Read more.
Visa: New Baka Skimmer Designed to Avoid Detection
Source: InfoSecurity
The card giant said its PFD group first discovered the “Baka” skimmer in February whilst analyzing a C2 server associated with the ImageID variant. PFD subsequently found seven servers hosting the Baka skimming kit. Read more.
Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
Source: CISA
This Advisory identifies some of the more common—yet most effective—TTPs employed by cyber threat actors, including Chinese MSS-affiliated cyber threat actors. Read more.
An overview of targeted attacks and APTs on Linux
Source: SecureList
There is malware for Linux – including PHP backdoors, rootkits and exploit code. The strategic importance of servers running Linux makes them an attractive target for attackers of all kinds. Read more.