
Posts

Showing posts with the label Hacking Windows

Unknown Hacking Group Launching Custom Malware “Dudell” via Weaponized Microsoft Excel Documents

Researchers discovered a new wave of attacks delivering a previously undocumented custom malware, named “Dudell”, attributed to the cyberespionage group dubbed Rancor. The Rancor threat group has been active since 2017 and was still targeting government organizations in January 2019; in this latest campaign, researchers found the new custom malware in use. The group also uses a second malware family, “Derusbi”, to load a follow-on payload once it has a foothold, so the final malware reaches the victim’s machine through two rounds of attack. Researchers observed the attacker using 149.28.156[.]61 to deliver either Derusbi or KHRat samples, with either cswksfwq.kfesv[.]xyz or connect.bafunpda[.]xyz as the C2. Rancor has a record of conducting targeted attacks in Southeast Asia throughout 2017 and 2018.

DUDELL Malware Infection Process

DUDELL malware was initially observed in a weaponized Microsoft Excel document delivered via malspam...

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts the victims' files, in order to avoid antivirus detection. Unlike most malware, the new Snatch ransomware chooses to run in Safe Mode because in that diagnostic mode the Windows operating system starts with a minimal set of drivers and services and does not load most third-party startup programs, including antivirus software. Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated. "SophosLabs researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process," the researchers say. "The ransomware, which calls itsel...
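The excerpt explains why a Safe Mode boot sidesteps antivirus but not how a practitioner would notice a host that has been staged for one. The following PowerShell is an added triage example, not code from the article or from Sophos. It checks the two documented Windows mechanisms any program needs in order to force a Safe Mode boot and still run there: the BCD `safeboot` element (set with `bcdedit /set {current} safeboot minimal`) and the `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal` registry key, whose subkeys name the only services and drivers Windows starts in that mode. Which of these Snatch itself touches is not stated on this page; the "binary outside the Windows directory" heuristic and the seven-day event window are assumptions to tune per fleet.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): triage a host that may have been
# prepared for a Safe Mode boot. Assumes only documented Windows behaviour:
#   1. bcdedit stores a 'safeboot' element on a boot entry; the next boot of
#      that entry is then a Safe Mode boot.
#   2. Safe Mode starts only the services/drivers listed as subkeys under
#      SafeBoot\Minimal (or \Network), so anything that must run there,
#      including a ransomware service, has to be registered there.

function Get-SafeBootBcdSetting {
    # bcdedit prints a 'safeboot   Minimal' (or Network / DsRepair) line under
    # every boot entry that carries the element; a clean machine prints none.
    $text = (& bcdedit.exe /enum 2>&1) -join "`n"
    [regex]::Matches($text, '(?im)^\s*safeboot\s+(\S+)') |
        ForEach-Object { [pscustomobject]@{ Element = 'safeboot'; Value = $_.Groups[1].Value } }
}

function Get-SafeBootServiceEntry {
    param([ValidateSet('Minimal', 'Network')][string]$Mode = 'Minimal')
    $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$Mode"
    Get-ChildItem -Path $base | ForEach-Object {
        $name = $_.PSChildName
        # The key's default value is 'Service' or 'Driver'; GUID-named keys are device classes.
        $kind = $_.GetValue('')
        $svc  = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Mode       = $Mode
            Name       = $name
            Kind       = $kind
            ImagePath  = $svc.ImagePath
            # Heuristic (assumption, tune per fleet): a Safe Mode service whose binary
            # lives outside the Windows directory is unusual. Some security products
            # register here legitimately, so diff against a known-good host before acting.
            Suspicious = [bool]($svc.ImagePath -and $svc.ImagePath -notmatch '(?i)\\windows\\')
        }
    }
}

function Get-BcdeditSafebootEvent {
    # Process-creation events (Security 4688 with command-line auditing enabled,
    # or Sysmon event 1) in which bcdedit.exe was run with 'safeboot'.
    # Returns nothing if neither source is enabled on the host.
    param([int]$Days = 7)
    $since   = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security';                              Id = 4688; StartTime = $since },
        @{ LogName = 'Microsoft-Windows-Sysmon/Operational';  Id = 1;    StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match '(?i)bcdedit.*safeboot' } |
            Select-Object TimeCreated, Id,
                @{ n = 'CommandLine'; e = { (($_.Message -split "`n") | Where-Object { $_ -match '(?i)bcdedit' })[0].Trim() } }
    }
}

function Clear-SafeBootBcdSetting {
    # Remediation: drop the element so the next reboot is a normal boot.
    & bcdedit.exe /deletevalue '{current}' safeboot
}

# Usage: any 'safeboot' value, a Suspicious Safe Mode service, or a recent
# bcdedit/safeboot process event on a host that is not mid-repair deserves triage.
Get-SafeBootBcdSetting     | Format-Table -AutoSize
Get-SafeBootServiceEntry   | Where-Object Suspicious | Format-Table -AutoSize
Get-BcdeditSafebootEvent   | Format-Table -AutoSize
```

Run it elevated; the BCD store and the Security log are not readable otherwise. Because the SafeBoot\Minimal key legitimately holds many system entries (device-class GUIDs, `Base`, boot-bus drivers and similar), the useful signal is a diff against a known-good build of the same Windows version rather than the raw listing, and `Clear-SafeBootBcdSetting` should only be run once the service that was registered to run in Safe Mode has also been removed.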