Thailand | Breaking Cybersecurity News | The Hacker News

A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a  nocturnal female spirit  of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB  said  in a report shared with The Hacker News. The exact initial access vector used to deploy Krasue is currently not known, although it's suspected that it could be via vulnerability exploitation, credential brute-force attacks, or downloaded as part of a bogus software package or binary. The malware's core functionalities are realized through a rootkit that masquerades as an unsigned VMware driver and allows it to maintain persistence on the host without attracting any attention. The rootkit is derived from open-source projects such as Diamorphine, Suterusu, and Rooty. This has raised the possibility that...

Thailand has suffered its first ATM Hack! An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and other five provinces by hacking a Thai bank's ATM network; police said Wednesday The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were exploited to steal cash from the machines. The warning came shortly after the state-owned Government Savings Bank (GSB) shut down approximately 3,000 of their ATMs following an ongoing police investigation into the recent hack in which hackers were able to infect many its cash machines with malware. GSB found that millions of Thailand Baht were stolen between August 1 and 8 from 21 ATMs across the provinces of Bangkok, Phuket, Chumphon, Prachuap Khiri Khan, Phetchaburi, and Surat Thani, the Bangkok Post reports. The hackers made over 12.29 Million Thailand Baht (US$346,000) by inser...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...