The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: SentinelOne

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

September 23, 2022, by Ravie Lakshmanan
A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions," researchers from SentinelOne said in a new report. The cybersecurity firm codenamed the "pragmatic" group Metador in reference to the string "I am meta" in one of its malware samples and because of Spanish-language responses from the command-and-control (C2) servers. The threat actor is said to have primarily focused on the development of cross-platform malware in pursuit of espionage aims. Other hallmarks of the campaign are the limited number of intrusions and long-term access to targets. This includes two different Windows malware platforms ca
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

September 02, 2022, by Ravie Lakshmanan
More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early 2022. Initial "low-key" campaigns are said to have involved the use of rogue Python installer applications to deliver a .NET-based malware called JuiceStealer that's engineered to siphon passwords and other sensitive data from victims' web browsers. The attacks received a significant facelift last month when the JuiceLedger actors targeted PyPI package contributors in a phishing campaign, resulting in the compromise of three packages with malware. "The supply chain attack on PyPI package contributors appears to be an escalation of a campaign begun earlier in th
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia

June 09, 2022, by Ravie Lakshmanan
A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices," SentinelOne researcher Joey Chen said in a report shared with The Hacker News. "Other techniques the attacker has been observed using include DLL hijacking, Themida-packed files, and DNS tunneling to evade post-compromise detection." The group is said to have some level of tactical association with another threat actor known as Naikon (aka Override Panda), with the campaigns primarily directed against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Infection chains mounted by Aoqin Dragon have banked on Asia-Pacific political affairs and pornographi
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines

May 20, 2022, by Ravie Lakshmanan
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers will accidentally download the malicious package instead of the legitimate library. In this case, the crate in question is "rustdecimal," a typosquat of the real "rust_decimal" package that's been downloaded over 3.5 million times to date. The package was flagged earlier this month on May 3 by Askar Safin, a Moscow-based developer. According to an advisory published by the Rust maintainers, the crate is said to have been first pushed on March 25, 2022, attracting fewer than 500 downloads before it was permanently removed from the repository.
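The check a practitioner wants after reading about CrateDepression is a CI step that flags dependency names resembling popular crates before they are ever built. The following is an added example, not SentinelOne's or the Rust project's code: it parses the dependency tables of a Cargo.toml with a minimal line-oriented parser, folds case and separators (the lever used in "rustdecimal" vs "rust_decimal"), and falls back to a small edit-distance match for longer names. The popular-crate list, the sample manifest, and the thresholds (`max_distance`, `min_len`) are constructed assumptions; in practice the list would come from the crates.io data dump.

```python
"""Flag Cargo.toml dependency names that look like typosquats of popular crates.

Added example; not code from SentinelOne or the Rust project. The crate list
and the manifest below are constructed for the demonstration.
"""
import re

# Constructed reference list (assumption: in practice load the top-N names
# from the crates.io data dump).
POPULAR_CRATES = (
    "serde", "rand", "syn", "quote", "tokio", "rust_decimal", "regex", "libc", "log",
)

# Constructed manifest; "rustdecimal" is the lookalike from the CrateDepression report.
SAMPLE_CARGO_TOML = """
[package]
name = "demo"
version = "0.1.0"

[dependencies]
serde = "1.0"
rustdecimal = "1.23.1"   # typosquat of rust_decimal
tokio = { version = "1", features = ["full"] }

[dependencies.rand]
version = "0.8"

[dev-dependencies]
regex = "1"
"""

DEP_SECTIONS = ("dependencies", "dev-dependencies", "build-dependencies")


def parse_dependency_names(toml_text):
    """Collect dependency names from [dependencies], [dev-dependencies],
    [build-dependencies], [target.'cfg(...)'.dependencies] and
    [dependencies.<name>] tables. Minimal parser; a real tool should use a TOML library."""
    names, in_dep_table = [], False
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            parts = [p.strip() for p in header.group(1).split(".")]
            in_dep_table = False
            for i, part in enumerate(parts):
                if part in DEP_SECTIONS:
                    if i == len(parts) - 1:
                        in_dep_table = True          # e.g. [dependencies]
                    else:
                        names.append(parts[i + 1])   # e.g. [dependencies.rand]
                    break
            continue
        if in_dep_table:
            key = line.split("=", 1)[0].strip().strip('"')
            if key:
                names.append(key)
    return names


def normalize(name):
    """Fold case and drop separators: dropping or swapping '-', '_' or '.' is a
    common typosquat lever (rustdecimal vs rust_decimal)."""
    return re.sub(r"[-_.]", "", name.lower())


def osa_distance(a, b):
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insert, delete, substitute and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_typosquats(dep_names, popular=POPULAR_CRATES, max_distance=1, min_len=5):
    """Return (dependency, lookalike, reason) for each suspicious dependency.
    Exact popular names are trusted; a normalised collision is the strongest
    signal; otherwise a small edit distance on names of at least min_len
    characters is reported (short names such as 'log' vs 'lol' are skipped).
    Thresholds are assumptions to tune per project."""
    findings = []
    normalized_popular = [(normalize(p), p) for p in popular]
    for dep in dep_names:
        if dep in popular:
            continue
        n = normalize(dep)
        exact = [p for pn, p in normalized_popular if pn == n]
        if exact:
            findings.append((dep, exact[0], "differs only by separators/case"))
            continue
        if len(n) < min_len:
            continue
        for pn, p in normalized_popular:
            if osa_distance(n, pn) <= max_distance:
                findings.append((dep, p, "edit distance <= %d" % max_distance))
                break
    return findings


def scan_manifest(toml_text):
    """End-to-end: parse the manifest and report lookalike dependencies."""
    return find_typosquats(parse_dependency_names(toml_text))


if __name__ == "__main__":
    for dep, lookalike, reason in scan_manifest(SAMPLE_CARGO_TOML):
        print(f"SUSPICIOUS: {dep!r} resembles {lookalike!r} ({reason})")
```

Run against the sample manifest, the scan reports only `rustdecimal` as a lookalike of `rust_decimal`; a transposition such as `tokoi` would be caught by the edit-distance path. Lockfiles are a better input than manifests in a real pipeline, since they also cover transitive dependencies that a typosquat can hide behind.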
E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat

May 11, 2022, by Ravie Lakshmanan
The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally attributed to Russia an attack on an international satellite communication (SATCOM) provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe. Viasat, in late March, disclosed that it had shipped nearly 30,000 modems to distributors to restore service to customers whose modems were rendered unusable. "This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several E.U. Member States," the Counci
Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems

April 01, 2022, by Ravie Lakshmanan
The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come a day after the U.S. telecom company disclosed that it was the target of a "multifaceted and deliberate" cyberattack against its KA-SAT network, linking it to a "ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network." Upon gaining access, the adversary issued "destructive commands" on tens of thousands of modems belonging to the satellite broadband service that "overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable." But SentinelOne said it uncovered a new piece of malware (
Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion

March 26, 2022, by Ravie Lakshmanan
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week. SentinelOne's analysis follows an advisory from Ukraine's Computer Emergency Response Team (CERT-UA) earlier this week outlining a spear-phishing campaign that leads to the delivery of a RAR archive file, which comes with an executable that's designed to open a decoy file while stealthily dropping a malicious DLL called HeaderTip in the background. Scarab was first documented by the Symantec Threat Hunter Team, part of Broadcom Software, in January 2015, when i