#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Cyble | Breaking Cybersecurity News | The Hacker News

Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

Mar 28, 2023 Advanced Persistent Threat
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which  attributed  the operation to  SideCopy , the activity cluster is designed to target the Defence Research and Development Organization ( DRDO ), the research and development wing of India's Ministry of Defence. Known for emulating the infection chains associated with  SideWinder  to deliver its own malware, SideCopy is a threat group of Pakistani origin that shares overlaps with  Transparent Tribe . It has been active since at least 2019. Attack sequences mounted by the group involve using spear-phishing emails to gain initial access. These messages come bearing a ZIP archive file that contains a Windows shortcut file (.LNK) masquerading as information about the  K-4 ballistic missile  developed by DRDO. Executing the .LNK file leads to the retrieval of an HTML application from a rem
 Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Dec 06, 2022 Mobile Malware / Darknet
Cybersecurity researchers have shed light on a darknet marketplace called  InTheBox  that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity  said . "InTheBox may be called the largest and probably the only one in its marketplace category providing high-quality web injects for popular types of mobile malware." Web injects are  packages  used in financial malware that leverage the adversary-in-the-browser (AitB) attack vector to serve malicious HTML or JavaScript code in the form of an overlay screen when victims launch a banking, crypto, payments,
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Nov 08, 2022
Cryptocurrency users are being targeted with a new clipper malware strain dubbed  Laplas  by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other  commodity trojans  like  SystemBC  and  Raccoon Stealer 2.0 , according to an  analysis  from Cyble. Observed in the wild since circa 2013,  SmokeLoader  functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called  Amadey . Cyble said it discovered over 180 samples of the Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls  cryware , which are designed to steal crypto by keeping close tabs on a victim's clipboard activity and swapping the original wallet ad
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

May 10, 2022
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers  said  in an analysis last week. "The stealer also steals data from various locations across the system and compresses it in a password-protected ZIP file." A 32-bit C# .NET-based executable with the name "saintgang.exe," Saintstealer is equipped with anti-analysis checks, opting to terminate itself if it's running either in a sandboxed or virtual environment. The malware can capture a wide range of information that ranges from taking screenshots to gathering passwords, cookies, and autofill data stored in Chromium-based browsers such as Google Chrome, Opera, Edge, Brave, Vivaldi, and Yandex, among others. It can also steal Discord multi-factor authentication toke
Cybersecurity Resources