#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

WithSecure | Breaking Cybersecurity News | The Hacker News

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Oct 20, 2023 Malware / Cyber Attack
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous  Ducktail stealer . "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure  said  in a report published today. "Threat actors are able to acquire and use multiple different tools for the same purpose, and all they have to do is come up with targets, campaigns, and lures." The development comes amid an  uptick in malware campaigns  using DarkGate in recent months, primarily driven by its author's decision to rent it out on a malware-as-a-service (MaaS) basis to other threat actors after using it privately since 2018. It's not just DarkGate and Ducktail, for the Vietnamese threat actor cluster responsible for these campaigns is leveraging same or very similar lures, themes, targeting, and delivery methods to also deliver  L
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

Mar 16, 2023 Cyber Threat Intelligence
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed  SILKLOADER  by Finnish cybersecurity company WithSecure, the malware leverages  DLL side-loading techniques  to deliver the commercial adversary simulation software. The development comes as  improved detection capabilities  against Cobalt Strike, a legitimate post-exploitation tool used for red team operations, is forcing threat actors to  seek alternative options  or concoct new ways to propagate the framework to evade detection. "The most common of these include adding complexity to the auto-generated beacon or stager payloads via the utilization of packers, crypters, loaders, or similar techniques," WithSecure researchers  said . SILKLOADER joins other loaders such as KoboldLoader, MagnetLoader, and LithiumLoader that have been  recently discovered  incorpora
Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform

Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

Feb 02, 2023 Healthcare / Cyber Attack
A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple in reference to an error message that's used in one of the backdoors. Targets of the malicious operation included a healthcare research organization in India, the chemical engineering department of a leading research university, as well as a manufacturer of technology used in the energy, research, defense, and healthcare sectors, suggesting an attempt to breach the supply chain. Roughly 100GB of data is estimated to have been exported by the hacking crew following the compromise of an unnamed customer, with the digital break-in likely taking place in the third quarter of 2022. "The threat actor gained access to the network by exploiting a vulnerable Zimbra
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Ducktail Malware Operation Evolves with New Malicious Capabilities

Ducktail Malware Operation Evolves with New Malicious Capabilities

Nov 23, 2022
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem Hassan Nejad  said  in a new analysis. "The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses their gained access to run ads for monetary gain." Attributed to a Vietnamese threat actor, the Ducktail campaign is designed to target businesses in the digital marketing and advertising sectors which are active on the Facebook Ads and Business platform. Also targeted are individuals within prospective companies that are likely to have high-level access to Facebook Business accounts. This includes
New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Jul 27, 2022
Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed  Ducktail  designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure Business)  said  in a new report. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to." The attacks, attributed to a Vietnamese threat actor, are said to have begun in the latter half of 2021, with primary targets being individuals with managerial, digital marketing, digital media, and human resources roles in companies. The idea is to target employees with high-level acc
Cybersecurity Resources