#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Rust Programming | Breaking Cybersecurity News | The Hacker News

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Sep 19, 2023 Cyber Attack / Threat Intel
Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. "The operation has at least two different initial access vectors," security researchers Simon Kenin, Ron Ben Yizhak, and Mark Vaitzman  said  in an analysis published last week. "One of the lures used in the operation is a modified document that was used by the Storm-0978 group. This could be a deliberate 'false flag.'" The attack chain leverages an LNK file named 1.KARABAKH.jpg.lnk as a launchpad to retrieve a second-stage payload, an MSI installer, hosted on Dropbox. The installer file, for its part, drops an implant written in Rust, an XML file for a scheduled task to execute the implant, and a decoy image file that features watermarks of the 
Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

Jul 26, 2023 Cryptocurrency / Endpoint Security
A new malware family called  Realst  has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and browser data" from both Windows and macOS machines. Realst was first discovered in the wild by security researcher  iamdeadlyz . "Realst Infostealer is distributed via malicious websites advertising fake blockchain games with names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend," SentinelOne security researcher Phil Stokes  said  in a report. "Each version of the fake blockchain game is hosted on its own website complete with associated Twitter and Discord accounts." The cybersecurity firm, which identif
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems

New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems

Jul 20, 2022
Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after  BlackCat  and  Hive  to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of  Curve25519  and  AES  for encryption. "Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version," the Russian firm  noted  in a report published today. Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary. "Luna confirms the trend for cross-platform ransomware," the researchers stated, adding how the platform agnostic nature of languages like Golang and R
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

Aug 12, 2021
A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting  exotic programming languages  to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed " Ficker Stealer ," it's notable for being propagated via Trojanized web links and compromised websites, luring in victims to scam landing pages purportedly offering free downloads of  legitimate paid services  like Spotify Music, YouTube Premium, and other Microsoft Store applications. "Ficker is sold and distributed as Malware-as-a-Service (MaaS), via underground Russian online forums," BlackBerry's research and intelligence team said in a report published today. "Its creator, whose alias is @ficker, offers several paid packages, with different levels of subscription fees to use their malicious program." First seen in the wi
Cybersecurity Resources