1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A cyberspy outfit is attacking high-level targets in the EU

    From TechnologyDaily@1337:1/100 to All on Wed Mar 15 16:15:03 2023
    A cyberspy outfit is attacking high-level targets in the EU

    Date:
    Wed, 15 Mar 2023 15:56:09 +0000

    Description:
    Embassies, healthcare agencies and other critical orgs have been compromised.

    FULL STORY ======================================================================

    Threat actor YoroTrooper has compromised the accounts of critical EU healthcare agencies, a number of embassies, and the World Intellectual Property Organization (WIPO).

    A report from Cisco Talos (via BleepingComputer ) has revealed that vast quantities of data, such as credentials, cookies, and browser histories, have been stolen from a number of infected endpoints.

    These include those belonging to government agencies and energy companies of countries that are a part of Eurasias Commonwealth of Independent States (CIS). YoroTroopers unique threat activity

    Though BleepingComputer notes that YoroTrooper has previously been known to disseminate known malware like PoetRAT and LodaRAT, Cisco thinks its moved to designing its own Remote Access Trojans (RATs) written in Python to get the job done.

    In Summer 2022, Belarusian organizations were hit by infected PDF files sent from email domains purporting to be organizations from Belarus or Russia. In September that year, YoroTrooper registered typosquatting domains to appear
    as similar as Russian government agencies as possible. Read more

    Russian hackers have been exploiting unknown flaw in Outlook for nearly a
    year now


    UK intelligence services are stepping up against Chinese cyberspies


    Weve also listed the best identity theft protection services right now

    This strategy is rooted in YoroTroopers phishing emails needing to look as legitimate as possible, particularly as its latest ruse involves attaching infected RAR and ZIP attachments to gain access to national security information across the region.

    In 2023, the threat group has moved fast. In January, it began issuing an infostealer script that extracts credentials from Chromium-based browsers , but in February, had already moved to a new modular tool called Stink.

    The new tool, in addition to Chromium browser infiltration and basic system information, also steals data from FTP client Filezilla and messaging apps Discord and Telegram.

    YoroTroopers motives, means, and backers are currently unknown, but the move to custom tools could turn out to be a worrying development for the corporate world. Heres our list of the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/a-cyberspy-outfit-is-attacking-high-level-targe ts-in-the-eu


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)