Command-and-control | Breaking Cybersecurity News | The Hacker News

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션_SecuwaySSL VPN Manager U100S 100user_견적서.zip"), which masqueraded as a VPN invoice to distribute malware capable of file transfer, capturing screenshots, and executing arbitrary commands. "The chain has three steps: a small dropper, a loader called MemLoad, and the final backdoor, named 'HttpTroy,'" security researcher Alexandru-Cristian Bardaș said. Present within the ZIP archive is a SCR file of the same name, opening which triggered the execution chain, starting with a Golang binary containing three embedded files, including a decoy PDF document that's displayed...

The legitimate command-and-control (C2) framework known as Sliver is  gaining   more traction  from threat actors as it emerges as an open source alternative to  Cobalt Strike  and Metasploit. The findings come from Cybereason, which  detailed  its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that's designed to be used by security professionals in their red team operations. Its myriad features for adversary simulation – including dynamic code generation, in-memory payload execution, and process injection – have also made it an appealing tool for threat actors looking to gain elevated access to the target system upon gaining an initial foothold. In other words, the software is used as a second-stage to conduct next steps of the attack chain after already compromising a machine using one of the initial intrusion vectors such as...

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a po...

Advanced Persistent Threat (APT) is a term referring to targeted attacks on enterprises and other organizations and recently referred to what appeared to be nation-state intelligence agencies using cyber assaults for both conventional espionage and industrial espionage. Advanced threats have targeted control systems in the past and these attacks use commercially available and custom-made advanced malware to steal information or perpetrate fraud. Terminator RAT has been used against Tibetan and Uyghur activists before and while tracking attack against entities in Taiwan, the Cyber Security company FireEye Labs recently analyzed some new samples of ' Terminator RAT ' (Remote Access Tool) that was sent via spear-phishing emails to targets in Taiwan. A word document as an attachment was sent to victims, exploited a vulnerability in Microsoft Office ( CVE-2012-0158 ), which subsequently drops a malware installer named " DW20.exe ". Sometimes the simplest techniques...

Today social media are spreading a shocking news, authors of Stuxnet virus that hit Iranian nuclear program in 2010 according a new research proposed by Symantec security company started in 2005 and contrary to successive instance of the malware he was designed to manipulate the nuclear facility's gas valves. The attacker strategy was to destroy the nuclear plant causing an explosion due the sabotage of gas valves, hackers purpose was physical destruction of the targets, due this reason the press and security community labeled Stuxnet as first cyber weapon of the history.  Francis deSouza, Symantec's president of products and services, during an interview with Bloomberg revealed that the version detected was a sort of beta version of the final weapon and that in the period between 2005 and 2009 the authors were testing its capabilities. " It looks like now the weapon tried a few things before it hit on what would actually work ,"' " It is clear that this has been a ...