China’s Volt Typhoon APT Threatens US Critical Infrastructure
The Volt Typhoon malware, driven by a Chinese Advanced Persistent Threat (APT) group, is more widespread than initially thought, targeting networks controlling US military bases’ communications, power, and water both domestically and internationally. Additionally, these networks also service regular businesses and civilians, making it challenging to gauge the full impact. The concern is that the APT is aiming to disrupt critical communication infrastructure between the US and Asia region, potentially hampering military response and civilian life during crises.
European Bank Customers Targeted in SpyNote Android Trojan Campaign
European bank customers are being targeted by the SpyNote Android banking trojan in an aggressive campaign. The trojan is distributed through email phishing or smishing campaigns and uses a combination of remote access trojan (RAT) capabilities and vishing attacks. SpyNote functions as both spyware and a banking trojan, gathering sensitive data from infected devices and performing bank fraud.
Israeli Oil Refinery Website Taken Offline by Pro-Iranian Hacktivist Group
The website of Israel’s largest oil refinery, BAZAN Group, has been inaccessible for several days after being attacked by a pro-Iranian hacktivist group called Cyber Avengers. The group claimed responsibility for the attack and released screenshots of BAZAN’s SCADA systems, including diagrams and code for the refinery’s programmable logic controllers (PLCs). While the attack did not affect the operational technology environment, the leaked information poses a potential risk to the refinery’s critical industrial equipment.
Call of Duty Self-Spreading Worm Infects Players, Game Servers Taken Offline
Activision has taken the servers of Call of Duty: Modern Warfare II offline after players detected a self-propagating worm infecting the PC version of the game. The malware spreads automatically within online lobbies, and researchers are investigating the motives behind the hackers distributing it. In response to the issue, Activision has also banned over 14,000 accounts for cheating and hacking in Modern Warfare II and Warzone.
‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base. The forthcoming bots — dubbed DarkBART and DarkBERT — will arm threat actors with ChatGPT-like AI capabilities that go much further than existing cybercriminal genAI offerings, potentially lowering the barrier of entry for would-be cybercriminals to develop sophisticated business email compromise (BEC) phishing campaigns, find and exploit zero-day vulnerabilities, probe for critical infrastructure weaknesses, create and distribute malware, and much more. The rapid progression from WormGPT to FraudGPT and now ‘DarkBERT’ in under a month underscores the significant influence of malicious AI on the cybersecurity and cybercrime landscape.
New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets
Researchers have discovered a Python variant of the NodeStealer malware that is capable of taking over Facebook business accounts and stealing cryptocurrency. The malware is distributed through bogus messages on Facebook that trick victims into downloading a ZIP file containing the stealer executable. Once installed, the malware can download additional malicious files, disable antivirus software, and carry out crypto theft. Facebook business account owners are advised to use strong passwords and enable multi-factor authentication to protect against this threat.
Sophisticated Malware Targets Air-Gapped ICS Systems
Researchers have discovered a new worming second-stage malware that is able to exfiltrate data from air-gapped industrial control systems (ICS) environments. The malware infects removable storage drives and sends the stolen data to Dropbox, allowing threat actors to transmit the information to a command and control server. The attackers use various techniques, such as encrypted payloads and DLL hijacking, to obfuscate their actions and evade detection.
European Bank Customers Targeted in SpyNote Android Trojan Campaign
European bank customers are being targeted by the SpyNote Android banking trojan in an aggressive campaign. The trojan is distributed through email phishing or smishing campaigns and uses a combination of remote access trojan (RAT) capabilities and vishing attacks. SpyNote functions as both spyware and a banking trojan, gathering sensitive data from infected devices and performing bank fraud.
Space Pirates’ Cyber Campaign in Russia and Serbia
The threat actor known as Space Pirates has targeted at least 16 organizations in Russia and Serbia over the past year, expanding its interests and attack geography. The group has been linked to attacks on government agencies, educational institutions, private security companies, aerospace manufacturers, and more. They employ novel tactics and use malware such as Deed RAT, which is a successor to ShadowPad and PlugX, and serve next-stage payloads like Voidoor.
Italian Organizations Targeted by WikiLoader Malware for Banking Trojan Attacks
Italian organizations are being targeted by a phishing campaign that utilizes a new strain of malware called WikiLoader to install the Ursnif banking trojan, stealer, and spyware. WikiLoader is a sophisticated downloader that can be rented out to cybercriminal threat actors and uses multiple evasion techniques. The malware is distributed through emails with Microsoft Excel, OneNote, or PDF attachments, and is heavily obfuscated to bypass security software.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.