Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection …

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster of activity spanned from late 2023 to April 2024 …

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. “Deuterbear, while similar to Waterbear in many …

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. “Durian boasts comprehensive backdoor functionality, enabling the execution of …

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly …

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Cybersecurity researchers have discovered a new campaign that’s exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that …

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker …