#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

AnyDesk | Breaking Cybersecurity News | The Hacker News

Category — AnyDesk
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

Feb 14, 2024 Malware / Cybercrime
The infamous malware loader and initial access broker known as  Bumblebee  has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "ReleaseEvans#96.docm" (the digits before the file extension varied)," the company  said  in a Tuesday report. "The Word document spoofed the consumer electronics company Humane." Opening the document leverages VBA macros to launch a PowerShell command to download and execute another PowerShell script from a remote server that, in turn, retrieves and runs the Bumblebee loader. Bumblebee,  first spotted  in March 2022, is mainly designed to download and execute follow-on payloads such as ransomware. It has been put to use by multiple crimeware threat actors that previously observe...
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Feb 03, 2024 Cyber Attack / Software Security
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company  said  in a statement. "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one." Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal, my.anydesk[.]com, and it's urging users to change their passwords if the same passwords have been reused on other online services. It's also recommending that users download the latest version of the software, which comes with a new  code signing certificate . AnyDesk did not disclose...
The Future of Network Security: Automated Internal and External Pentesting

The Future of Network Security: Automated Internal and External Pentesting

Dec 10, 2024Vulnerability / Perimeter Security
In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

Dec 19, 2023 Malvertising / Browser Security
The malware loader known as PikaBot is being distributed as part of a  malvertising   campaign  targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura  said . The malware family, which  first   appeared  in early 2023, consists of a loader and a core module that allows it to operate as a backdoor as well as a distributor for other payloads. This  enables  the threat actors to gain unauthorized remote access to compromised systems and transmit commands from a command-and-control (C2) server, ranging from arbitrary shellcode, DLLs, or executable files, to other malicious tools such as Cobalt Strike. One of the threat actors leveraging PikaBot in its attacks is  TA577 , a prolific cybercrime threat actor that has, in the past, delivered ...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

Sep 18, 2023 Threat Intelligence / Ransomware
The financially motivated threat actor known as  UNC3944  is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group," the threat intelligence firm  said . "UNC3944 has also consistently relied on publicly available tools and legitimate software in combination with malware available for purchase on underground forums." The group, also known by the names 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022, adopting phone-based social engineering and SMS-based phishing to obtain employees' valid credentials using bogus sign-in pages and infiltrate victim organizations, mirroring tactics adopted by another group called  LAPSUS$ . While the group originall...
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Apr 20, 2023 Cyber Attack / Malware
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as  Daggerfly , and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from the MgBot malware framework," the cybersecurity company  said  in a report shared with The Hacker News. "The attackers were also seen using a  PlugX loader  and abusing the legitimate AnyDesk remote desktop software." Daggerfly's use of the  MgBot loader  (aka BLame or MgmBot) was  spotlighted  by Malwarebytes in July 2020 as part of phishing attacks aimed at Indian government personnel and individuals in Hong Kong. According to a profile published by Secureworks, the threat actor uses spear-phishing as an initial infection vector to drop M...
Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

May 27, 2021
Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable for AnyDesk (AnyDeskSetup.exe), which, upon execution, downloads a PowerShell implant to amass and exfiltrate system information. "The script had some obfuscation and multiple functions that resembled an implant as well as a hardcoded domain (zoomstatistic[.]com) to 'POST' reconnaissance information such as user name, hostname, operating system, IP address and the current process name," researchers from Crowdstrike  said  in an analysis. AnyDesk's remote desktop access solution has been  downloaded  by more than 300 million users worldwide, according to the co...
Expert Insights / Articles Videos
Cybersecurity Resources