New BellaCiao malware, PaperCut is Clop, Europe tech crackdown
Charming Kitten APT uses a new BellaCiao malware
Bitdefender has uncovered a new campaign targeting users in the U.S., Europe, the Middle East and India, operated by the Iran-linked Charming Kitten group (aka APT35, Phosphorus, Newscaster, and Ajax Security Team). The campaign uses new custom malware, dubbed BellaCiao, with each sample customized for a specific victim and including hardcoded information such as the company name, specially crafted subdomains, or the associated public IP address. It is used to deliver malicious payloads after initial access via a Microsoft Exchange exploit chain (such as ProxyShell, ProxyNotShell, or OWASSRF) or a similar software vulnerability.
Microsoft blames Clop affiliate for PaperCut attacks
In the ongoing PaperCut story, Microsoft has claimed that recent attacks exploiting two vulnerabilities in the PaperCut print management software are likely the result of a Clop ransomware affiliate. Microsoft Threat Intelligence on Wednesday attributed recent attacks exploiting the bugs to “Lace Tempest,” a threat actor it says overlaps with FIN11 and TA505. FIN11 is linked to the infamous Clop ransomware gang and the Accellion FTA extortion campaign, while TA505 is reportedly behind the Dridex banking Trojan and Locky ransomware.
Big tech crackdown looms as EU, UK ready new rules
TikTok, Twitter, Facebook, Google, and Amazon are facing rising pressure from European authorities as London and Brussels advanced new rules Tuesday to curb the power of digital companies. They’re among those on a list of the 19 biggest online platforms and search engines that the European Union’s executive arm said must meet extra obligations for cleaning up illegal content and disinformation and keeping users safe under the 27-nation bloc’s landmark digital rules that take effect later this year. TikTok will allow European Commission officials to carry out a “stress test” of its systems to ensure they comply with the Digital Services Act, Commissioner Thierry Breton said in an online briefing.
Pro-Russia hacking group attacked Canadian gas pipeline
A Canadian gas pipeline that suffered a cyber security incident on February 25 is now being attributed to the Russian hacking group Zarya. The New York Times reported that the cybersecurity incident was revealed in leaked U.S. intelligence documents. Canada’s prime minister Justin Trudeau confirmed the cyber attack against the gas pipeline but pointed out that there was no physical damage to any Canadian energy infrastructure. The leaked document states that the attack was not aimed at causing “loss of life” but economic damage.
Thanks to this week’s episode sponsor, @Tines
RTM Locker’s first Linux ransomware strain targeting NAS and ESXi hosts
The threat actors behind RTM Locker have developed a ransomware strain that’s capable of targeting Linux machines, marking the group’s first foray into the open source operating system. “Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware’s leaked source code,” Uptycs said in a new report published Wednesday. “It uses a combination of asymmetric encryption and symmetric encryption.” RTM Locker was first documented by Trellix earlier this month, describing the adversary as a private ransomware-as-a-service (RaaS) provider. It has its roots in a cybercrime group called Read The Manual (RTM) that’s known to be active since at least 2015.
South Korea, US agree to cooperate on cybersecurity and North Korean digital heists
In a joint statement released after South Korean President Yoon Suk Yeol’s visit to the White House, the two allies said they planned to establish a “Strategic Cybersecurity Cooperation Framework.” The agreement would involve working together to deter “cyber adversaries,” to secure critical infrastructure, combat cybercrime, “and secure cryptocurrency and blockchain applications.” Yoon and U.S. President Joe Biden discussed North Korea’s “illicit cyber activities that fund its unlawful [weapons] and ballistic missile programs” and committed to “block its cyber-enabled revenue generation,” the statement said.
(The Record)
New ‘Atomic macOS Stealer’ malware offered for $1,000 per month
Researchers at threat intelligence firm Cyble have analyzed a sample of the ‘Atomic macOS Stealer’ malware, aka AMOS, that was uploaded recently to VirusTotal and had zero detections on the platform at the time of its discovery. According to Cyble, the malware, advertised on a Telegram channel, has been offered for $1,000 per month. Its author claims it can steal all passwords from the Keychain, full system information, and files from the compromised computer. It can also allegedly steal passwords, cookies, cryptocurrency wallets and payment card data from browsers such as Chrome, Firefox, Brave, Edge, Vivaldi, Yandex and Opera. In addition, it can steal cryptocurrency wallets outside the web browser and from browser extensions. Users of the malware are provided a web-based management interface hosted on a .ru domain, and exfiltrated data can also be sent to specified Telegram channels.
Brace yourself for the 2024 deepfake election
A feature article in Wired by Thor Bensen warns of the danger of deepfakes being used during the 18-month run-up to the 2024 election, in which videos of candidates saying something disqualifying could surface, with most people never knowing they were AI-generated. Bensen quotes Henry Ajder, an independent AI expert, who says, “Convincing deepfake videos are still difficult to produce, but that might not be the case within 12 months or so. Video is really the next frontier in generative AI.” Potential solutions to this problem currently include C2PA, which cryptographically signs content created by a device such as a phone or video camera, as well as fingerprinting, which involves taking hashes from content.
(Wired)
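The two countermeasures named above, device-side signing and content fingerprinting, are easier to reason about with a working model in hand. The following Go program is an added illustration, not code from the Wired article and not an implementation of the actual C2PA manifest format: it uses a deliberately simplified provenance record (the `Manifest` struct, the `DeviceID` and `CapturedAt` fields, and the Ed25519 key pair are all assumptions for this example) to show what a consumer can and cannot conclude. The signature proves the record came from the holder of the device key and was not altered; the embedded SHA-256 hash (the fingerprint) ties that record to exactly one set of media bytes, so an edited or substituted file fails verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a simplified, hypothetical provenance record modelled on the idea
// behind C2PA: the capture device hashes what it produced, records who produced
// it and when, and signs the record. It is NOT the real C2PA manifest format.
type Manifest struct {
	DeviceID    string `json:"device_id"`
	CapturedAt  string `json:"captured_at"`
	ContentHash string `json:"content_hash"` // hex SHA-256 of the media bytes (the "fingerprint")
}

// Fingerprint computes the content hash. The same value serves as the manifest
// field and as a standalone fingerprint for matching against known originals.
func Fingerprint(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Sign builds the manifest for content and returns it with a detached Ed25519
// signature over the JSON encoding (json.Marshal of a struct is deterministic,
// so the verifier can re-encode and get identical bytes).
func Sign(priv ed25519.PrivateKey, deviceID, capturedAt string, content []byte) (Manifest, []byte, error) {
	m := Manifest{DeviceID: deviceID, CapturedAt: capturedAt, ContentHash: Fingerprint(content)}
	payload, err := json.Marshal(m)
	if err != nil {
		return Manifest{}, nil, err
	}
	return m, ed25519.Sign(priv, payload), nil
}

// Verify checks the two things a consumer cares about: the manifest was signed
// by the claimed device key and has not been altered, and the media in hand is
// the media the manifest describes (not edited or swapped after signing).
func Verify(pub ed25519.PublicKey, m Manifest, sig []byte, content []byte) error {
	payload, err := json.Marshal(m)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("manifest signature invalid: record altered or not from the claimed device")
	}
	if Fingerprint(content) != m.ContentHash {
		return errors.New("content hash mismatch: media edited or substituted after signing")
	}
	return nil
}

func main() {
	// Hypothetical device key; a real device would hold this in secure hardware.
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	// Constructed sample bytes standing in for a real video file.
	original := []byte("constructed sample frame data: candidate speech")
	m, sig, err := Sign(priv, "camera-serial-EXAMPLE", "2024-04-27T10:00:00Z", original)
	if err != nil {
		panic(err)
	}
	fmt.Println("original:   ", Verify(pub, m, sig, original))

	// Edit a single byte of the media: the fingerprint no longer matches.
	edited := append([]byte{}, original...)
	edited[0] ^= 0x01
	fmt.Println("edited:     ", Verify(pub, m, sig, edited))

	// Re-attribute the manifest to another device: the signature no longer verifies.
	relabelled := m
	relabelled.DeviceID = "someone-else"
	fmt.Println("relabelled: ", Verify(pub, relabelled, sig, original))
}
```

The model also shows the limits of both techniques: a signature only vouches for the device that signed, so trust rests on distributing and protecting device keys, and a hash fingerprint matches exact bytes, so a re-encoded copy of genuine footage produces a different fingerprint and must be compared by other means.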