#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Password Spraying | Breaking Cybersecurity News | The Hacker News

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
Mar 29, 2024 Network Security / IoT Security
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. " TheMoon , which  emerged  in  2014 , has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen Technologies  said . Faceless,  detailed  by security journalist Brian Krebs in April 2023, is a malicious residential proxy service that's offered its anonymity services to other threat actors for a negligible fee that costs less than a dollar per day. In doing so, it allows the customers to route their malicious traffic through tens of thousands of compromised systems advertised on the service, effectively concealing their true origins. The Faceless-backed infrastructure has been assessed to be used by operators of malware such as  SolarMarker  and  IcedID  to connect to their comm

Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics
Feb 27, 2024 Cloud Security / Threat Intelligence
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as  APT29 . The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the Russian Federation. Previously attributed to the  supply chain compromise  of SolarWinds software, the cyber espionage group  attracted attention  in recent months for targeting Microsoft, Hewlett Packard Enterprise (HPE), and other organizations with an aim to further their strategic objectives. "As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR has adapted to these changes in the operating environment," according to the  security bulletin . These include - Obtaining access to cloud infrastructure via service and dormant accounts
Expert Insights
Cybersecurity Resources