#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Securonix | Breaking Cybersecurity News | The Hacker News

Category — Securonix
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

Dec 17, 2024 Cyber Attack / Malware
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE , said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the more notable aspects of the campaign is how the threat actors leverage MSC (Microsoft Common Console Document) files to deploy a dual-purpose loader and dropper to deliver further malicious payloads," security researchers Den Iuzvyk and Tim Peck said . It's worth noting that the abuse of specially crafted management saved console (MSC) files to execute malicious code has been codenamed GrimResource by Elastic Security Labs. The starting point is a file with double extensions (.pdf.msc) that masquerades as a PDF file (if the setting to display file extensions is disabled)...
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

May 12, 2023 Cyber Threat / Malware
Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the  XWorm malware  on targeted systems. Securonix, which is tracking the activity cluster under the name  MEME#4CHAN , said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany. "The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new analysis shared with The Hacker News. The report builds on  recent findings  from Elastic Security Labs, which revealed the threat actor's reservation-themed lures to deceive victims into opening malicious documents capable of delivering XWorm and Agent Tesla payloads. The attacks begin with phishing attacks to distribute decoy Microsoft Word documents that, instead of using macr...
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Sep 29, 2022
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed  STEEP#MAVERICK  by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out starting in late summer 2022 targeting at least two high-profile military contractor companies," Den Iuzvyk, Tim Peck, and Oleg Kolesnikov  said  in an analysis. Infection chains begin with a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about "Company & Benefits," which is then used to retrieve a stager -- an initial binary that's used to download the desired malware -- from a remote server. This PowerShell stager sets the stage for a "robust chain of stagers" that progresses through seven m...
cyber security

SANS Institute Complimentary Training Bundle ($3240 Value) at Network Security 2025

websiteSANS InstituteCyber Security Training
Register to attend in-person training at Network Security 2025 in Las Vegas, NV and claim a complimentary cyber-pro pass that includes an OnDemand bundle, AND a free pass to compete in NetWars!
cyber security

Key Essentials to Modern SaaS Data Resilience

websiteVeeamSaaS Security / Data Resilience
Learn how to modernize your SaaS data protection strategy and strengthen security to avoid risks of data loss.
Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

Aug 31, 2022
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix , points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the operators to leverage a common codebase to target different operating systems. Go binaries also have the added benefit of rendering reverse engineering a lot more challenging as opposed to malware written in other languages like C++ or C#, not to mention prolong analysis and detection attempts. Phishing emails containing a Microsoft Office attachment act as the entry point for the attack chain that, when opened, retrieves an obfuscated VBA macro, which, in turn, is auto-executed should the recipient enable macros. The execution of the macro results in the download of an image file ...
Expert Insights Articles Videos
Cybersecurity Resources