19-Feb-24: In Security News Today

Iranian Hackers Target Middle East Policy Experts with BASICSTAR Backdoor

Charming Kitten, a threat actor linked to Iran, has targeted Middle East policy experts with a new backdoor named BASICSTAR through phishing attacks posing as a fake webinar portal. The group, also known as APT35, has a history of social engineering campaigns targeting think tanks, NGOs, and journalists. The attacks involve deploying various backdoors such as POWERLESS and NokNok, showing the group’s determination to continue its cyber operations despite public exposure.

Russian-Linked Hackers Exploit Roundcube Flaws in Cyber Espionage Campaign

Threat actors aligned with Belarus and Russia, identified as Winter Vivern, targeted over 80 organizations in Georgia, Poland, and Ukraine by exploiting cross-site scripting vulnerabilities in Roundcube webmail servers. Winter Vivern, also known as TA473 and UAC0114, has been active since at least December 2020 and has previously targeted organizations in Moldova, Tunisia, and Uzbekistan. The cyber espionage campaign aimed to collect intelligence on European political and military activities, with evidence of targeting Iranian embassies in Russia and the Netherlands, as well as the Georgian Embassy in Sweden, indicating broader geopolitical interests.

iOS Trojan Targeting Bank Accounts through Facial Data Collection

Cybersecurity researchers have discovered a new iOS trojan used by a Chinese cybercrime group, aimed at stealing bank account funds by collecting facial profiles, identification documents, and SMS messages. This trojan, known as GoldPickaxe, is part of a broader malware campaign targeting the APAC region, with the iOS version capable of harvesting photos, capturing faces, and redirecting network traffic. The malware, initially spread through TestFlight and later via mobile device management profiles, masquerades as a legitimate Thai government app to deceive users into installation.

Attempted In-Flight Hijacking through Communication Networks

Two El Al flights from Thailand to Israel faced attempted hijacking of their communication networks over the Middle East, possibly by hackers aiming to divert the aircraft. The pilots detected the suspicious activity, ignored the false instructions, and maintained the planned route by switching communication channels. The incident highlights the importance of cybersecurity in aviation, prompting the EU’s aviation safety agency to release new cybersecurity regulations for the sector.

Google’s AI Cyber Defense Initiative

Google has launched an initiative to advance the use of artificial intelligence (AI) in cybersecurity, aiming to give defenders a significant edge over attackers. The initiative includes investment in AI-ready infrastructure, development of new defensive tools and research, as well as providing AI security training. Google also emphasizes the importance of public-private collaboration to secure AI technologies, highlighting its commitment through funding research grants and fostering AI for cybersecurity startups.

Anatsa Android Trojan Expands Reach and Bypasses Google Play Security

The Anatsa Android banking trojan has expanded its reach to new countries such as Slovakia, Slovenia, and Czechia in a campaign observed in November 2023. Despite Google Play’s enhanced detection mechanisms, the trojan’s droppers successfully exploited the accessibility service in Android 13, demonstrating the capability to bypass restricted settings. Anatsa, also known as TeaBot and Toddler, is distributed through seemingly innocuous apps on the Google Play Store, with the latest iteration masquerading as a phone cleaner app and utilizing malicious code to execute fraudulent transactions.

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Meta Platforms identified 8 spyware firms from Italy, Spain, and the U.A.E. targeting iOS, Android, and Windows devices, collecting various kinds of sensitive data and remotely enabling device functions. These firms engaged in scraping, social engineering, and phishing activities across multiple platforms. Additionally, new surveillance tools like Patternz and MMS Fingerprint have been discovered, posing potential threats to mobile device security.

Rising Trend in Cryptocurrency Counterfeiting Targeting Fortune 100 Companies

Security researchers have identified a rising trend in cryptocurrency counterfeiting targeting Fortune 100 companies, with scammers creating tokens impersonating major brands, government bodies, and national fiat currencies. These fraudulent schemes, prevalent in decentralized finance (DeFi) and crypto, exploit investor interest through tactics like rug pulls. Platforms like Lobstr.co on the Stellar network have become hotspots for such activities, prompting the need for increased vigilance and regulatory frameworks to combat these fraudulent practices.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.