
Updated Malware: Vietnamese Hacking Group Targeting MacOS Users

 

Researchers have discovered a new macOS backdoor that steals credentials and confidential information. As cyber threats continue to rise, the newly discovered malware is believed to be operated by the Vietnamese hacking group OceanLotus, also tracked as APT32. Other common names for the group include APT-C-00, SeaLotus, and Cobalt Kitty.

The nation-state-backed hacking group has been operating across Asia and is known to target governments, media organizations, research institutes, human rights organizations, the corporate sector, and political entities across the Philippines, Laos, Vietnam, and Cambodia. Other campaigns by the group have focused on maritime construction companies. Notably, OceanLotus also made headlines for distributing malware through apps on Google Play and through malicious websites.

Researchers found the macOS backdoor in a malicious Word document that supposedly arrived via email. There is no information, however, about the targets the campaign is focusing on. To set the attack in motion, victims are enticed to open a Zip file that appears to be a Word document (it carries a Word icon). Opening the Zip file installs the app bundled inside it, which carries the malware; the bundle contains two files, a shell script and a Word file. The backdoor is designed to give the attackers a window into the affected system, allowing them to steal sensitive data.

"Like older versions of the OceanLotus backdoor, the new version contains two main functions: one for collecting operating system information and submitting this to its malicious C&C servers and receiving additional C&C communication information, and another for the backdoor capabilities," Trend Micro explained in a blog post.

In their analysis, the researchers wrote: “When a user looks for the fake doc folder via the macOS Finder app or the terminal command line, the folder’s name shows ‘ALL tim nha Chi Ngoc Canada.doc’ (‘tìm nhà Chị Ngọc’ roughly translates to ‘find Mrs. Ngoc’s house’).”

“However, checking the original .zip file that contains the folder shows three unexpected bytes between ‘.’ and ‘doc’.”
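The following Python script is an added example, not code from the original post, from Trend Micro, or from the researchers quoted above. It inspects a ZIP archive for the three traits the report describes: a path component carrying invisible Unicode characters (the "unexpected bytes" between "." and "doc"), a directory whose visible name ends in a document extension, and a macOS app-bundle layout (Contents/MacOS/). The sample archive is constructed inside the script; the choice of a zero-width space (U+200B, three bytes in UTF-8) as the hidden character is an assumption that matches the byte count on the page, which does not say which bytes the real sample used.

```python
import io
import unicodedata
import zipfile

# Extensions a user would expect to open a document rather than launch an app.
DOC_EXTENSIONS = {".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx"}


def hidden_chars(text: str) -> list:
    """Characters that render as nothing: Unicode general category C*
    (format, control, private-use, unassigned), e.g. U+200B ZERO WIDTH SPACE."""
    return [c for c in text if unicodedata.category(c).startswith("C")]


def describe(chars) -> str:
    """Human-readable code points with their UTF-8 byte length."""
    return ", ".join(f"U+{ord(c):04X} ({len(c.encode('utf-8'))} bytes)" for c in chars)


def suspicious_entries(zip_bytes: bytes) -> dict:
    """Map each suspicious archive member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            reasons = []
            components = [c for c in name.split("/") if c]

            # 1. Invisible characters anywhere in the path (e.g. between '.' and 'doc').
            for comp in components:
                hidden = hidden_chars(comp)
                if hidden:
                    reasons.append(f"hidden character(s) in '{comp}': {describe(hidden)}")

            # 2. A directory whose name, once hidden characters are stripped,
            #    ends in a document extension: a folder posing as a file.
            if info.is_dir() and components:
                visible = "".join(c for c in components[-1]
                                  if not unicodedata.category(c).startswith("C"))
                ext = "." + visible.rsplit(".", 1)[-1].lower() if "." in visible else ""
                if ext in DOC_EXTENSIONS:
                    reasons.append(f"directory named like a document ({ext})")

            # 3. macOS application bundle layout inside the archive.
            if "Contents/MacOS/" in name:
                reasons.append("contains an app bundle executable (Contents/MacOS/)")

            if reasons:
                findings[name] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample (not the real campaign archive): a folder that looks like
    'ALL tim nha Chi Ngoc Canada.doc' but has a zero-width space between '.' and
    'doc', an app bundle inside it, and one benign document alongside."""
    buf = io.BytesIO()
    folder = "ALL tim nha Chi Ngoc Canada.\u200bdoc/"
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(folder, "")
        zf.writestr(folder + "Contents/MacOS/ALL tim nha Chi Ngoc Canada", "#!/bin/sh\n")
        zf.writestr(folder + "Contents/Resources/ALL tim nha Chi Ngoc Canada.doc", "decoy")
        zf.writestr("report.docx", "benign")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in suspicious_entries(build_sample_zip()).items():
        print(repr(member))
        for reason in why:
            print("  -", reason)
```

Running the script flags the disguised folder and everything beneath it, while the benign report.docx passes. The same check can be pointed at any attachment by reading its bytes into suspicious_entries(); the category-based test catches other invisible characters (zero-width joiners, bidirectional overrides, byte-order marks) as well as the one used in the sample.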


Lithuania to allot seven million euros to combat hackers

Lithuania has applied to host the European Cyber Security Competence Center, which is intended to develop technologies and protective measures. Raimundas Karoblis, the Minister of National Defense of the Baltic republic, openly links the request for its creation with the "Russian threat". The vulnerability of NATO's "eastern flank" continues to worry European countries, which believe that after the protests in Belarus the issue of Russia's influence has become more acute.

Lithuania will compete for hosting the institution with Belgium, Germany, Luxembourg, Poland, Romania and Spain.

The Ministry of Defense of the Baltic republic draws attention to the activity of China and Russia, which are often associated with the hacker threat.

The Minister of Defense claims that "Russian cyber attacks happen quite often," although at the same time he makes a reservation: it is very difficult to formally establish the "authorship" of hacker attacks.

According to him, this is accompanied by information campaigns. It is likely that the work of the European Cybersecurity Competence Center will also be aimed at countering those information messages that will be considered propaganda in Vilnius. By the way, Lithuania offers to place the institution itself in the Vilnius TV tower.

It is worth noting that in January, the Prime Minister of the Republic, Saulius Skvernelis, called Lithuania "a leader in the field of information security". According to him, this area is a priority for the Baltic republic.

In addition, Lithuania ranked fourth in the Global Cybersecurity Index (GCI) with a score of 0.908 points. The rating was led by the United Kingdom, which scored 0.931 points. The second and third places are occupied by the United States (0.926) and France (0.918). The top five is completed by Estonia, whose security level was estimated at 0.905 points.

Lithuanian authorities often allege cyber attacks and "Russian interference" without providing any evidence of the "guilt" of the Russian side. Moscow has denied all such accusations and stressed that they are "absolutely unfounded".

However, Lithuania is currently concerned about military activity near its borders, which, according to its estimates, has increased against the background of the Belarusian events.

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

A Russian-speaking hacker under the pseudonym Byte has put up for sale passwords from the personal profiles of managers of many of the world's largest companies.

Credentials for the personal accounts of Microsoft's online services and the email addresses of several hundred senior executives have been put up for sale on a Russian-language hacker forum by a Russian-speaking hacker under the pseudonym Byte. The seller claims to have hundreds of passwords of top managers from all over the world and is ready to confirm the authenticity of the data to a buyer.

The offer appeared on Exploit.in, a private forum for Russian-speaking cybercriminals. The listing states that buyers can purchase email addresses and passwords for the Office 365 and other Microsoft accounts of presidents, vice presidents, CEOs, and other high-ranking executives of companies from around the world.

Byte asks for each address from $100 to $1500, the price directly depends on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to confirm how relevant the database offered for sale is. For verification, he received the credentials of two accounts: the CEO of an American software development company and the CFO of a chain of retail stores in one of the EU countries. As a result of verification, he got access to the data of these people. 

The attacker did not disclose the source of the data but claims he can provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials previously tried to purchase information collected from computers infected with the Azorult malware. It usually contains usernames and passwords that the program extracts from victims' browsers.

This incident once again highlights the need for better data protection. Two-factor authentication or 2FA is often recommended.

Microsoft discovers Vietnamese government-sponsored threat actor deploying cryptocurrency-mining malware

Microsoft on Monday reported that Vietnamese government-backed hackers have been behind a cryptocurrency-mining malware campaign.

These state-run cyberspies have added money-making activity alongside their government-backed projects. Similar behaviour has already been reported from groups in Russia, China, and Korea, making it difficult to determine whether a given campaign is for intelligence gathering or financial gain.

The group, which Microsoft Security Intelligence tracks as Bismuth and which is also known as APT32 and OceanLotus, is based in Vietnam and has been active since 2012, carrying out hacking and intelligence gathering for the government on political, economic, and foreign policy matters. Earlier this year, however, Microsoft observed a change in its activities.

"In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam," Microsoft said in its blog.

Microsoft suspects two theories behind this change: 

One reason could be to avoid suspicion: by looking like a random crime such as crypto-mining malware, the group can hide its cyber-espionage pursuits. This tactic helps it stay disguised and draws a weaker security response.

The other, and in Microsoft's view more likely, reason is that it is exactly what it looks like: these groups, enjoying total immunity from their government, are expanding into generating revenue from the systems they already compromised during their spying operations.

Crypto-mining is usually attributed to cybercriminals rather than government-sponsored threat actors, and it is often not given much weight in routine security checks. But APT groups from the Chinese, Russian, Iranian, and North Korean states have started side businesses of generating capital via tactics like crypto-mining.

The reason is that, being state-sponsored, these groups have total immunity. In their home state they help the government, and since these countries do not have extradition treaties with the US, they can act with little or no consequence.