The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for spear phishing

A Massive U.S. Property and Demographic Database Exposes 200 Million Records

A Massive U.S. Property and Demographic Database Exposes 200 Million Records

March 05, 2020Ravie Lakshmanan
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth, and property information, such as: Market value Property type Mortgage amount, rate, type, and lender Refinance amount, rate, type, and lender Previous owners Year built Number of beds and bathrooms Tax assessment information According to security firm Comparitech , the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko. But after failing to identify the database owner, the server was eventually taken offline more than a
Dyre Wolf Banking Malware Stole More Than $1 Million

Dyre Wolf Banking Malware Stole More Than $1 Million

April 04, 2015Swati Khandelwal
Security researchers have uncovered an active cyber attack campaign that has successfully stolen more than $1 Million from a variety of targeted enterprise organizations using spear phishing emails, malware and social engineering tricks. The campaign, dubbed " The Dyre Wolf " by researchers from IBM's Security Intelligence division, targets businesses and organizations that use wire transfers to transfer large sums of money, even if the transaction is protected by 2-factor authentication. A MIXTURE OF MALWARE, SOCIAL ENGINEERING & DDoS Nowadays, cybercriminals not only rely on banking Trojans to harvest financial credentials, but also using sophisticated social engineering tactics to attack big corporations that frequently conduct wire transfers to move large sums. " An experienced and resource-backed [cyber criminal] gang operates Dyre ," John Kuhn, Senior Threat Researcher at IBM Managed Security Service, wrote in a blog post published Th
Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

March 26, 2020Ravie Lakshmanan
Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic. "Most malicious apps found are bundle threats that range from ransomware to SMS-sending malware, and even spyware designed to clean out the contents of victims' devices for personal or financial data," Bitdefender researchers said in a telemetry analysis report shared with The Hacker News. The find by Bitdefender is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. Using Coronavirus-Relat
US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

June 01, 2021Ravie Lakshmanan
Days after  Microsoft ,  Secureworks , and  Volexity  shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May 28, the DoJ said, adding the action was aimed at disrupting the threat actors' follow-on exploitation of victims as well as block their ability to compromise new systems. The department, however, cautioned that the adversary might have deployed additional backdoor accesses in the interim period between when the initial compromises occurred, and the seizures took place last week. "[The] action is a continued demonstration of the Department's commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,"  said  Assistant Attorney Ge
New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

May 03, 2021Ravie Lakshmanan
A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed " PortDoor ," according to Cybereason's Nocturnus threat intelligence team. "Portdoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more," the researchers  said  in a write-up on Friday. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting fo
U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

October 19, 2020Ravie Lakshmanan
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks ever attributed to a single group," according to the Justice Department ( DoJ ). All the six men — Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin — have been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. "The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strateg
Evilnum hackers targeting financial firms with a new Python-based RAT

Evilnum hackers targeting financial firms with a new Python-based RAT

September 04, 2020Ravie Lakshmanan
An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called "PyVil RAT," which possesses abilities to gather information, take screenshots, capture keystrokes data, open an SSH shell and deploy new tools. "Since the first reports in 2018 through today, the group's TTPs have evolved with different tools while the group has continued to focus on fintech targets," the cybersecurity firm said . "These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)" to spy
Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

July 21, 2020Ravie Lakshmanan
An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News. The attacks were observed during the first week of July, coinciding the passage of controversial security law in Hong Kong and India's ban of 59 China-made apps over privacy concerns, weeks after a violent skirmish along the Indo-China border. Attributing the attack with "moderate confidence" to a new Chinese APT group, Malwarebytes said they were able to track their activities based on the "unique phishing attempts" designed to compromise targets in India and Hong Kong. The operators of the APT group have leveraged at least three different Tactics, Techniques, and Procedures (TTPs), using spear-phishing emails to drop variants of Cobalt Strike and MgBot malware, and bogus Andr
New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

November 14, 2019Swati Khandelwal
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in
Report : Attacks on social media to rise in 2011 !

Report : Attacks on social media to rise in 2011 !

January 05, 2011Mohit Kumar
ESET, a security solution provider for viruses and malicious software, has released its cyber-threat report for 2011, predicting that attacks on Facebook and other social networks will increase over the coming year. The report prepared by specialists and searchers in the business also says the mentioned attacks' main purpose will be to steal data, also known as 'phishing' Attacks on Facebook and other social networks are likely to increase over the coming year, according to a report from ESET, an IT security company, on possible threat trends for 2011. Social media will be a focus for social engineering attacks such as those already commonly experienced by users of Facebook and Google, according to ESET's new San Diego-based Cyber Threat Analysis Center, or CTAC. Furthermore, it is likely there will be an increasing volume of attacks on other social networking sites such as LinkedIn, Orkut and Twitter, as well as other search engines such as Bing and Yahoo, the research
The new face of cyber crime

The new face of cyber crime

October 31, 2010Mohit Kumar
Today's cyber crime has far-reaching implications for security professionals. Corporate environments are experiencing more cyber crime, and intellectual property is increasingly a target for criminal activity. This is according to Uri Rivner, head of new technologies, identity protection and verification at RSA, speaking during a roundtable at the RSA conference in London this week. He said in the past, cyber crime was a one- man operation – the basement hacker causing mischief. These days, he added, it is an entire economy, run like legitimate businesses with a few obvious exceptions. "Online fraud is divided into two parts – harvesting and cash out," he said. "This translates into those stealing and collecting the data , and those monetising it, cashing in the accounts using the stolen credentials." According to Rivner, it is ridiculously easy to launch a Trojan attack these days, as they can be purchased off the Internet with ease. "A Trojan costs around $
New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

November 29, 2021Ravie Lakshmanan
North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as  ScarCruft , also known as  APT37 , Reaper Group, InkySquid, and Ricochet Chollima. "The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team (GReAT)  said  in a new report published today. "Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts." Likely active since at least 2012, ScarC
Hackers From China Target Vietnamese Military and Government

Hackers From China Target Vietnamese Military and Government

April 06, 2021Ravie Lakshmanan
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called  Cycldek  (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed " FoundCore ." DLL side-loading  has been a tried-and-tested technique used by various threat actors as an obfuscation tactic to bypass antivirus defenses. By loading malicious DLLs into legitimate executables, the idea is to mask their malicious activity under a trusted system or software proc
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021Ravie Lakshmanan
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the  Lazarus Group , the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated crimes to fund the cash-strapped regime.  This broadening of its strategic interests happened in early 2020 by leveraging a tool called ThreatNeedle , researchers Vyacheslav Kopeytsev and Seongsu Park said in a Thursday write-up. At a high level, the campaign takes advantage of a multi-step approach that begins with a carefully crafted spear-phishing attack leading eventually to the attackers gaining remote control over the devices. ThreatNeedle is delivered to targets via COVID-themed emails with malicious Microsoft Word attachments as initial infection vectors that, when opened, run a
Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

December 04, 2020Ravie Lakshmanan
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed " PowerPepper " by Kaspersky researchers, the malware has been attributed to the  DeathStalker  group (formerly called Deceptikons), a threat actor that has been found to hit law firms and companies in the financial sector located in Europe and the Middle East at least since 2012. The hacking tool is so-called because of its reliance on steganographic trickery to deliver the backdoor payload in the form of an image of ferns or peppers. The espionage group first came to light  earlier this July , with most of their attacks starting with a spear-phishing email containing a malicious modified LNK (shortcut) file that, when clicked, downloads and runs a PowerShell-based implant named Powersing. While
North Korean Hackers Used 'Torisma' Spyware in Job Offers-based Attacks

North Korean Hackers Used 'Torisma' Spyware in Job Offers-based Attacks

November 05, 2020Ravie Lakshmanan
A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma  to stealthily monitor its victims for continued exploitation. Tracked under the codename of " Operation North Star " by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations' networks. The attacks have been attributed to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associate
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.