Cyberattackers Exploit Google Sheets For Malware Control In Likely Espionage Campaign
A sophisticated malware campaign exploiting Google Sheets as a command-and-control (C2) platform has been detected, targeting over 70 global organizations across various sectors, with Proofpoint researchers linking the activity to likely espionage. The attackers, posing as tax authorities, use a customized backdoor called Voldemort, which employs advanced techniques including PowerShell and Python scripts to gather system information, exfiltrate data, and execute further payloads. Despite its alignment with advanced persistent threats (APT), the campaign also exhibits characteristics of cybercrime, making it challenging to fully assess the threat actors’ capabilities and objectives.
Iran’s ‘Fox Kitten’ Group Aids Ransomware Attacks On US Targets
Iranian threat group “Fox Kitten,” backed by the state, is facilitating ransomware attacks on U.S. targets by selling network access it has already compromised. The group exploits vulnerabilities in VPNs and other exposed services, providing ransomware operators like ALPHV with initial access in exchange for a share of the ransom. Despite ongoing exploitation of known vulnerabilities, many organizations have not adequately mitigated these risks, leaving them vulnerable to Fox Kitten’s persistent attacks.
Researchers Trace Massive Data Leak To US Data Broker: Why Should You Care
A recent data leak involving over 170 million sensitive records, likely originating from People Data Labs (PDL), was discovered on an unprotected Elasticsearch server, raising concerns about the security practices of data brokers. The leaked information includes personal details like full names, phone numbers, and employment history, potentially exposing millions to identity theft and phishing attacks. Although PDL’s direct involvement remains unconfirmed, the incident highlights the critical need for robust security measures to protect sensitive data from unauthorized access and misuse.
US Government Issues Advisory On Ransomware Group Blamed For Halliburton Cyberattack
The RansomHub ransomware group, suspected of being behind the recent cyberattack on Halliburton, has targeted at least 210 victims across various critical infrastructure sectors since its inception in February 2024. The U.S. government, through a joint advisory from CISA, FBI, HHS, and MS-ISAC, has detailed the tactics, techniques, and procedures (TTPs) of RansomHub, providing indicators of compromise (IoCs) to help organizations detect and prevent similar intrusions. The advisory does not explicitly mention the Halliburton incident, suggesting that RansomHub’s involvement is still under investigation, with ongoing negotiations between the attackers and the company.
Russian State Hackers Using Cyberweapons Developed By Western Spyware Firms
Russian state-sponsored group Cozy Bear (APT29) has been deploying exploits and code initially developed by Western commercial spyware vendors like Intelexa and NSO Group to target government entities. In multiple attacks from November 2023 through July 2024, Cozy Bear repurposed zero-day exploits from these firms, adapting them for sophisticated cyber operations against Mongolian government websites, targeting both iOS and Android users. The Google Threat Analysis Group highlights the dangerous proliferation of these commercial spyware tools to state-backed actors, underscoring the need for rapid patching and vigilance in cybersecurity defenses.
NASA Focuses On Cybersecurity Of Its Mission-Critical Software
NASA’s Katherine Johnson Independent Verification and Validation Facility (IV&V) is integrating cybersecurity into its traditional software assurance roles to protect mission-critical systems. With a small but expanding team, IV&V is now evaluating potential cybersecurity risks in software, ensuring robust protection against threats. Additionally, NASA is enhancing its cybersecurity educational outreach to help grow the cybersecurity workforce, crucial for both NASA and broader infrastructure security.
New Voldemort Malware Abuses Google Sheets To Store Stolen Data
Voldemort malware, a new C-based backdoor, is exploiting Google Sheets as a command-and-control (C2) server, targeting over 70 organizations in sectors like insurance, aerospace, and education. This sophisticated phishing campaign impersonates tax agencies to deliver malicious files, ultimately leading to the execution of a Python script that profiles victims and installs the Voldemort malware via DLL side-loading. The malware uses Google Sheets to retrieve commands and store stolen data, making detection challenging due to its reliance on commonly trusted services.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.