Tag: hackers

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
Risk, Security

A possible Chinese-speaking actor operating under the name DragonSpark is targeting businesses in East Asia while using unusual methods to get past security measures. According to SentinelOne's investigation, released today, "the attacks are characterized by the usage of the little-known open-source SparkRAT and malware that tries to elude detection through Golang source code interpretation." A striking feature of the intrusions is the persistent use of SparkRAT to carry out various tasks, such as stealing information, taking over an infected host, or executing further PowerShell commands. Although the threat actor's ultimate objectives are still unknown, espionage or cybercrime...
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
Risk, Security

The loss of $100 million in cryptocurrency assets from the Harmony Horizon Bridge in June 2022 was confirmed by the U.S. Federal Bureau of Investigation (FBI) on Monday. The law enforcement agency blamed the hack on the Lazarus Group and APT38 (also known as BlueNoroff, Copernicium, and Stardust Chollima), a state-sponsored threat group from North Korea that specializes in financial cyber operations. The FBI added that the TraderTraitor attack campaign, which was made public by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in April 2022, was used in the Harmony intrusion. The strategy involved using social engineeri...
Hackers Hijack NortonLifeLock Customer Accounts
Resources, Risk, Security

Some customers of NortonLifeLock have been informed that malicious outsiders have probably accessed their accounts and may even have reached their password vaults. The letter informing customers of the data breach was published on the website of the Vermont attorney general's office. It stated that, by using username and password login combinations, hackers have probably gained access to their Norton and Norton Password Manager accounts. The vendor, a Gen Digital company, confirmed that these logins were not obtained through a breach of its own IT systems. It declared that "our own systems were not compromised." "However, we firmly suspect that your login and password for your account have been used by an uninvited third party. This username and password pair might be kno...
Unregistered devices in hybrid work increase hacking risk in India
Risk, Security

The use of unregistered devices by employees has increased the risks associated with hybrid work in India, according to a new report released on Monday. Hybrid work allows employees to work from any location while also guaranteeing business continuity for organizations. Over 90% of respondents in the country (95%, according to a study by networking giant Cisco) claim that their employees log onto work platforms using unregistered devices. More than 8% of employers report that their staff use these unauthorized devices for more than 10% of the workday. Disruption is occurring faster than ever. The report calls for a re-evaluation of the cybersecurity architecture in order to provide real-time visibility into dispersed applications, security, networks, users, and services, to e...
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
Resources, Risk, Security

With the aim of mounting supply chain attacks, rogue extensions could be uploaded through a new attack vector that targets the Visual Studio Code extensions marketplace. According to Ilay Goldman, a security researcher at Aqua, in a report released last week, the method "may operate as an entrance point for an assault on multiple organisations." Developers can enhance their workflows by adding programming languages, debuggers, and tools to the VS Code source-code editor using VS Code extensions, which are curated through a Microsoft-provided marketplace.
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
Risk, Security

With a more sophisticated toolkit and a complex infection chain, the financially motivated threat actor known as Blind Eagle has reappeared in attacks on organizations in Colombia and Ecuador. The most recent research from Check Point provides fresh insights into the tactics and methods used by the Spanish-speaking group, including the use of sophisticated tools and government-themed lures to trigger the kill chain. Blind Eagle, also known as APT-C-36, is notable for its limited geographic scope and has been attacking South American countries indiscriminately since at least 2018. Trend Micro documented Blind Eagle's activity in September 2021, spotting a spear-phishing campaign primarily targeting Colombians.
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Reputation, Resources, Risk, Security

Since Microsoft decided to disable Visual Basic for Applications (VBA) macros by default for Office files received from the internet, threat actors have been forced to adapt their attack chains. The use of Excel add-in (.XLL) files as an initial attack vector by advanced persistent threat (APT) actors and commodity malware families is now on the rise, according to Cisco Talos. Weaponized Office files distributed through spear-phishing emails and other social engineering attacks continue to be one of the most popular entry points for criminal groups seeking to run malicious code. Typically, these documents ask the victims to enable macros in order to view seemingly innocent content, only to trigger the malware's stealthy execution in the background.
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Business, Risk, Security

The notorious Lazarus Group subcluster BlueNoroff has been seen incorporating fresh tactics into its playbook to get around Windows Mark of the Web (MotW) protections. In research released today, Kaspersky revealed that this includes the use of the virtual hard disk (.VHD) and optical disc image (.ISO) file formats as part of a novel infection chain. Security researcher Seongsu Park stated that "BlueNoroff developed multiple phony domains imitating banks and venture capital firms," adding that the new attack technique was noted in its telemetry in September 2022. ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are based in Japan, are among the fake domains that have been discovered to ...
Hackers Breach Okta’s GitHub Repositories, Steal Source Code
Business, Risk, Security

The identity and access management provider Okta said on Wednesday that several of its source code repositories had been improperly accessed earlier this month. According to the firm, "There is no impact to any clients, including any HIPAA, FedRAMP, or DoD customers." Customers are not required to take any action. Unknown threat actors gained access to the GitHub-hosted code repositories for the Okta Workforce Identity Cloud (WIC), according to the security incident report, which was first covered by Bleeping Computer. The source code was then copied by abusing that access.