With almost everything being done online, cybercriminals were able to develop Baka skimmer to perform their goals. Baka skimmer has a sophisticated design intended to circumvent detection by security tools. Read more about it and the latest cybersecurity news in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

Malware Used by Lazarus after Network Intrusion

Source: JPCERT

An attack activity by Lazarus (also known as Hidden Cobra) has been observed targeting Japanese organisations. Different types of malware are used during and after the intrusion. Read more.

Attackers abuse Google DNS over HTTPS to download malware

Source: Bleeping Computer

It was reported hackers hiding malware in fake Windows error logs. After gaining access to a Windows system and achieving persistence, the malware would read from a “.chk” file that impersonated event logs. Read more.

OpBlueRaven: Unveiling Fin7/Carbanak – Part II : BadUSB Attacks

Source: Threat Intelligence

This article aims to provide its readers with the details about PTI team’s latest operation on different threat actors; who have been detected to be working in cooperation with the notorious Fin7 APT group. Read more.

Baka skimmer

Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe

Source: Proofpoint

The campaigns have been attributed to the APT actor TA413, which has previously been documented in association with ExileRAT. Read more.

Commodified Cybercrime Infrastructure

Source: Trend Micro

The provision of services, as well as the way criminals operate in the underground, have gone through many changes over the years to cater to the market’s different infrastructure demands. Read more.

Baka skimmer

Binding Operational Directive 20-01

Source: cyber.dhs.gov

A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Read more.

IQ-FA008:QBot OOXML

Source: Inquest

In this Flash Alert, it was examined that a single instance of over 1000 related samples of malicious document carriers that deliver QBot. This break down of some characteristics hopefully helps with mitigation efforts. Read more.

Baka skimmer

Salfram: Robbing the place without removing your name tag

Source: Talos

Ongoing campaigns are distributing various malware families using the same crypter. This crypting mechanism contains an easy-to-detect flaw: The presence of a specific string value “Salfram” makes it easy to track over time. Read more.

No Rest for the Wicked: Evilnum Unleashes PyVil RAT

Source: cybereason

Evilnum’s activity has been varied, with recent reports using different components written in Javascript and C# as well as tools bought from the Malware-as-a-Service provider Golden Chickens. Read more.

Baka skimmer

BEC Scam Losses Surge as the Number of Attacks Diminish

Source: Bank Info Security

The average amount stolen in a business email compromise scam increased 48% during the second quarter 2020, even though the number of attack incidents decreased during that period. Read more.

Baka skimmer

Visa: New Baka Skimmer Designed to Avoid Detection

Source: InfoSecurity

The card giant said its PFD group first discovered the “Baka” skimmer in February whilst analyzing a C2 server associated with the ImageID variant. PFD subsequently founded seven servers hosting the Baka skimming kit. Read more.

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Source: CISA

This Advisory identifies some of the more common—yet most effective—TTPs employed by cyber threat actors, including Chinese MSS-affiliated cyber threat actors. Read more.

An overview of targeted attacks and APTs on Linux

Source: SecureList

There is malware for Linux – including PHP backdoors, rootkits and exploit code. The strategic importance of servers running Linux makes them an attractive target for attackers of all kinds. Read more.