
Posts

Showing posts from February 20, 2020

Fox Kitten – Iranian Malware Campaign Exploiting Vulnerable VPN Servers To Hack The Organizations Internal Networks

Researchers discovered a widespread Iranian malware campaign called Fox Kitten that targets the networks of several organizations by exploiting vulnerabilities in VPNs. The targeted organizations are mainly in the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world. Once the attackers successfully exploit the network, they gain persistent access to the internal systems and a foothold in the networks of numerous companies. The Fox Kitten campaign is believed to have originated from Iran, and the infamous Iranian offensive group APT34-OilRig is behind this attack; researchers also suspect that this campaign has some connection with the APT33-Elfin and APT39-Chafer groups. A large infrastructure is used for this campaign to perform various malicious operations on behalf of the attack, including: develop and maintain access routes to the targeted organizations; steal valuable information from the targeted organizations; maintain a lo

Hackers Spreading AZORult Malware As a Fake ProtonVPN Installer To Attack the Windows Computers

Researchers discovered a new wave of the Azorult malware campaign that abuses ProtonVPN and drops the malware payload as a fake ProtonVPN installer to infect Windows systems. GBHackers reported several incidents involving the Azorult malware campaign, and it is one of the well-known malware families that is often sold in Russian forums for a higher price ($100), since this malware contains a broad range of persistent functionality. In the current attack scenario, threat actors created a fake ProtonVPN website, which is an exact HTTrack copy of the original ProtonVPN website, through which they spread the malware as an installer package to compromise Windows users.

Fake ProtonVPN website

The campaign initially started in November 2019, and the attacker registered the domain under the name ProtonVPN{.}store; the registrar used for this campaign is from Russia.

Infection Vectors

Attackers use several infection vectors to spread this malware and infect the victims as