1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Enterprise networks are being targeted by a sneaky new malware

    From TechnologyDaily@1337:1/100 to All on Tue Apr 18 22:00:05 2023
    Enterprise networks are being targeted by a sneaky new malware

    Date:
    Tue, 18 Apr 2023 20:42:49 +0000

    Description:
    Russian "Pupy" targets corporate networks in the West, but its precise motivation is unknown.

    FULL STORY ======================================================================

    Cybersecurity researchers from Infobloxs Threat Intelligence Group have found a new remote access trojan (RAT) lurking in corporate networks around the world and claim its been operating in secret for roughly a year.

    The researchers named the RAT Pupy, and were able to trace its toolkit back
    to Russia, and now believe a state-sponsored attacker is behind the campaign.

    In a press release, Infobloxs researchers said they found a critical security threat communicating with a malware toolkit dubbed Decoy Dog. Russian IP

    This toolkit communicates with a Russian IP and targets organizations around the world - the US, Europe, South America, and Asia. Companies being targeted with this new RAT include those in technology, healthcare, energy, financial and other sectors.

    The RAT is not your generic consumer device threat, mostly because of how difficult it was to detect any activity on the compromised endpoints.

    This C2 communication was very hard to find, due to a small amount of data queries in a large pool of DNS data, the researchers claim. This RAT uses DNS as a C2 channel through which the malicious actor has control of the internal devices. Read more

    Nearly all firms have some kind of cloud misconfiguration issue


    Many data breaches are being caused by misconfigured clouds


    Check out the best endpoint protection right now

    Pupy is an open-source project, the researchers further claim, saying that
    its been consistently associated with nation-state actors.

    The identity of the attackers, as well as the nature of the compromise, is unknown at the time, Infoblox said, and added that its currently working with other cybersecurity vendors to uncover these details, as well.

    Organisations with protective DNS are able to block these domains
    immediately, mitigating their risk while they continue to investigate
    further, the report concludes. Heres a list of C2 domains that should be blocked, to mitigate potential risks claudfront[.]net allowlisted[.]net atlas-upd[.]com ads-tm-glb[.]click cbox4[.]ignorelist[.]com hsdps[.]cc Here are the best firewalls around to keep you safe



    ======================================================================
    Link to news story: https://www.techradar.com/news/enterprise-networks-are-being-targeted-by-a-sne aky-new-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)