
Posts

Showing posts from March 22, 2020

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns. Profiting from global health concerns, natural disasters, and other extreme weather events is nothing new for cybercriminals. Scams related to SARS, H1N1 (swine flu), and avian flu have circulated online for more than a decade. According to reports from ZDNet, many state-sponsored threat actors have already started to distribute coronavirus lures, including:
Chinese APTs: Vicious Panda, Mustang Panda
North Korean APTs: Kimsuky
Russian APTs: Hades group (believed to have ties with APT28), TA542 (Emotet)
Other APTs: Sweed (Lokibot)
Recently, the Red Drip team reported that APT36 was using a decoy health advisory docum

Thousands of Coronavirus (COVID-19) Related Sites As Bait by Hackers

As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware on the dark web. "Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.
COVID-19 Discounts: Exploit Tools for Sale
The report comes following an uptick in the number of malicious coronavirus-related domains that hav

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products, take control of the devices, and add them to a network of infected bots that can be used to carry out Distributed Denial of Service (DDoS) attacks. Multiple Zyxel NAS products running firmware versions up to 5.21 are vulnerable to the compromise, Palo Alto Networks' Unit 42 global threat intelligence team said, adding that they uncovered the first such exploitation of the flaw in the wild on March 12.
Zyxel's Pre-Authentication Command Injection Flaw
Mukashi hinges on a pre-authentication command injection vulnerability (tracked as CVE-2020-9054), for which a proof-of-c
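The Mukashi excerpt above describes the botnet's first step: cycling through factory-default usernames and passwords against a NAS login until one lands. The detection logic below is an added example, not code from Unit 42's report or from the Mukashi sample. It assumes a constructed, syslog-like authentication log format (the `login: FAILED/ACCEPTED login for user X from IP` lines, the `DEFAULT_USERS` list and the `nas01` host are all made up for illustration; adapt the regex to whatever your NAS or firewall actually emits) and flags any source address that racks up a burst of failures in a short window, noting whether the guessed names are typical factory defaults and whether a successful login from the same address followed the burst.

```python
"""Flag default-credential brute-force bursts in a NAS authentication log.

Added example for this page; the log format, hostnames and addresses are
constructed (RFC 5737 documentation ranges), not real Zyxel output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Mar 12 10:01:02 nas01 login: FAILED login for user admin from 203.0.113.10
Mar 12 10:01:03 nas01 login: FAILED login for user admin from 203.0.113.10
Mar 12 10:01:03 nas01 login: FAILED login for user root from 203.0.113.10
Mar 12 10:01:04 nas01 login: FAILED login for user admin from 203.0.113.10
Mar 12 10:01:05 nas01 login: FAILED login for user support from 203.0.113.10
Mar 12 10:01:06 nas01 login: ACCEPTED login for user admin from 203.0.113.10
Mar 12 10:30:00 nas01 login: FAILED login for user alice from 198.51.100.7
Mar 12 11:30:00 nas01 login: ACCEPTED login for user alice from 198.51.100.7
"""

# Assumed line layout: "<Mon> <day> <HH:MM:SS> <host> login: <RESULT> login for user <u> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ login: "
    r"(?P<result>FAILED|ACCEPTED) login for user (?P<user>\S+) from (?P<ip>[\d.]+)$"
)

# Illustrative set of account names commonly shipped as factory defaults on
# IoT/NAS gear; extend it with the defaults of the products you actually run.
DEFAULT_USERS = {"admin", "root", "support", "user", "guest"}


def parse(log_text, year=2020):
    """Turn log lines into (timestamp, result, user, ip) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=4, window=timedelta(seconds=60)):
    """Return {ip: finding} for every source with >= threshold failures inside `window`.

    A finding records the total failure count for that source, which of the
    guessed usernames are known factory defaults, and whether an ACCEPTED login
    from the same source followed the burst within one window (a likely
    successful guess rather than a merely noisy scan).
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[1] == "FAILED"]
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until the burst fits inside `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end][0]
                success_after = any(
                    e[1] == "ACCEPTED" and burst_end <= e[0] <= burst_end + window
                    for e in evs
                )
                findings[ip] = {
                    "failures": len(fails),
                    "default_users": sorted({e[2] for e in fails if e[2] in DEFAULT_USERS}),
                    "success_after": success_after,
                }
                break  # one finding per source is enough; stop at the first burst
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, f)
```

The single failed login from 198.51.100.7 never reaches the threshold and is ignored, while 203.0.113.10 is flagged with default-account names in the guess list and a success immediately after the burst, which is the combination worth paging on: a device whose factory credentials were never changed has very likely just been enrolled into the botnet.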

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread the Chalubo, FBot, and Moobot botnets since at least August 30, 2019. Netlab researchers said they reached out to LILIN on January 19, 2020, although it wasn't until a month later that the vendor released a firmware update (2.0b60_20200207) addressing the vulnerabilities. The development comes as IoT devices are increasingly being used as a platform from which to launch DDoS attacks and as proxies to engage in various forms of cybercrime.
What Are the LILIN Zero-Days About?
The flaw in itself concerns a chain of vulnerabilities that make use of hard-coded login cred