1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • CDN network cache hacked to spread malware across the globe

    From TechnologyDaily@1337:1/100 to All on Wed Apr 24 16:00:05 2024
    CDN network cache hacked to spread malware across the globe

    Date:
    Wed, 24 Apr 2024 15:51:25 +0000

    Description:
    Hackers are targeting companies around the world with infostealers hosted in CDN network caches.

    FULL STORY ======================================================================

    Threat actors known as CoralRaider have been using the Bynny content delivery network ( CDN ) to distribute infostealers to victims around the world.

    Rresearchers Cisco Talos have revealed who said CoralRaider abused the CDN to hide from security solutions, as they delivered LummaC2, Rhadamanthys, and Cryptobot.

    CoralRaider is a financially motivated threat actor that targets endpoints in the US, the UK, Germany, and Japan. It is based out of Vietnam, and usually targets devices in Asia and Southeast Asia. However, as of lately, the group seemingly expanded its operations to target victims in the US, Nigeria, Pakistan,Ecuador, Germany, Egypt, the U.K., Poland, the Philippines, Norway, Japan, Syria and Turkey. The groups activities were first spotted back in 2003, it was added.

    Apparently, the group would (most likely) send out phishing emails with an archive attached. This archive would contain a malicious Windows shortcut
    link (.LNK) which, in turn, carried a PowerShell command that downloads and runs a heavily obfuscated HTML application. This app was found on a Bynny subdomain under the attackers control. Stealing login credentials

    The app comes with JavaScript code for a PowerShell decrypter script which turns off certain security features and ultimately deploys one of the three above-mentioned infostealers.

    Further detailing the threat, Cisco Talos said that the infostealers being distributed were relatively new. LummaC2 and Rhadamanthys each have features which were apparently only added last year, while Cryptobot dates January
    this year.

    According to BleepingComputer , Cryptobot isnt as popular as LummaC2 or Rhadamanthys, but its still dangerous, as it infects more than half a million devices a year.

    Most of todays infostealers go after the same information: login credentials to various services, multi-factor authentication (MFA) and one-time
    passcodes, cryptocurrency wallet data, banking information, and more. More from TechRadar Pro North Korean hacking group attacks ScreenConnect flaws to drop dangerous new malware Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cdn-network-cache-hacked-to-spread-malw are-across-the-globe


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)