1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Dangerous new cybercrime gang attacks government and military tar

    From TechnologyDaily@1337:1/100 to All on Wed Jan 11 15:15:03 2023
    Dangerous new cybercrime gang attacks government and military targets

    Date:
    Wed, 11 Jan 2023 15:02:16 +0000

    Description:
    Hackers found using unorthodox tactics to deploy infostealers, with at least seven organizations hit.

    FULL STORY ======================================================================

    A dangerous new cybercrime group has been spotted targeting government agencies and military organizations in the Asia-Pacific region.

    According to multiple cybersecurity firms who spotted the threat actor, it seems to be deploying unorthodox tactics to obtain sensitive information from target endpoints .

    Two cybersecurity firms were initially tracking the attackers - Group-IB, and Anheng Hunting Labs. While the former dubbed the group Dark Pink, the latter calls it Saaiwc Group. Regardless of the name, the hackers are using spear-phishing attacks for initial deployment, and infected USB drives for spreading. Abusing known flaws

    The spear-phishing emails are usually fake job applications designed to lure victims into downloading weaponized ISO files. These files would abuse a
    known high-severity vulnerability tracked as CVE-2017-0199 (Office/WordPad remote code execution vulnerability) to deploy either Ctealer or Cucky (custom-built infostealers). These would later deploy a registry implant
    named TelePowerBot.

    A separate method was observed deploying KamiKakaBot, designed to read and execute commands.

    Both Cucky and Ctealer are designed to steal passwords , browsing history, saved credentials, and cookies from most of today's popular browsers (and
    then some). Furthemore, the group is able to access messenger applications, steal documents, and grab audio via microphones connected to infected
    devices. Read more

    Check out our list of the best firewalls out there


    The US military is going all-in on zero-trust


    US military hackers have carried out attacks to help Ukraine

    During infection, the threat actors execute several standard commands (e.g. net share, Get-SmbShare) to determine what network resources are connected to the infected device. If network disk usage is found, they will begin
    exploring this disk to find files that may be of interest to them and potentially exfiltrate them, Group-IB explained.

    In the second half of 2022, the group launched at least seven successful attacks, the researchers claim.

    All seven organizations (for which the attacks had been confirmed) have been notified of the attack and were given tips on how to proceed. The researchers state that its highly likely that the group compromised an even bigger number of organizations, but confirmations are yet to come. Here's our list of the best internet security suites right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/dangerous-new-cybercrime-gang-attacks-governmen t-and-military-targets


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)