NetWire | Breaking Cybersecurity News | The Hacker News

A coordinated international law enforcement exercise has taken down the online infrastructure associated with a cross-platform remote access trojan (RAT) known as NetWire . Coinciding with the seizure of the sales website www.worldwiredlabs[.]com, a Croatian national who is suspected to be the website's administrator has been arrested. While the suspect's name was not released, investigative journalist Brian Krebs  identified  Mario Zanko as the owner of the domain. "NetWire is a licensed commodity RAT offered in underground forums to non-technical users to carry out their own criminal activities," Europol's European Cybercrime Center (EC3)  said  in a tweet. Advertised  since   at least 2012 , the malware is typically distributed via  malspam campaigns  and gives a remote attacker complete control over a Windows, macOS, or Linux system. It also comes with password-stealing and keylogging capabilities. The U.S. Department of Justice (DoJ)...

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm Proofpoint to a "cybercriminal threat actor" codenamed TA2541 that employs "broad targeting with high volume messages." The ultimate objective of the intrusions is unknown as yet. Social engineering lures used by the group does not rely on topical themes but rather leverages decoy messages related to  aviation , logistics, transportation, and travel. That said, TA2541 did briefly pivot to  COVID-19-themed lures  in the spring of 2020, distributing emails concerning cargo shipments of personal protective equipment (PPE) or testing kits. "While TA2541 is consistent i...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...