"Prolific" threat actor targets the crypto sector. Cyberespionage campaign by Earth Estries. DB#JAMMER brute-forces exposed MSSQL databases. VMConnect supply chain attack connected to DPRK. New malware exploits OpenFire vulnerability. China's GREF deploys tools used against Uyghurs in broader espionage.

Cyberespionage campaign by Earth Estries.

Trend Micro describes a cyberespionage campaign by a cybercriminal group the researchers call "Earth Estries." The threat actor is targeting "organizations in the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US." Trend Micro states, "We believe the threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyberespionage and illicit activities." The researchers refrain from making any attributions, but they note that there are some overlaps between Earth Estries and the China-linked FamousSparrow APT.

DB#JAMMER brute-forces exposed MSSQL databases.

Securonix warns that DB#JAMMER attack campaigns are targeting exposed MSSQL databases with brute-force attacks in order to deliver the FreeWorld ransomware.

VMConnect supply chain attack connected to DPRK.

ReversingLabs continues to track "VMConnect," a supply chain attack involving malicious packages posted to the PyPI package repository: "The research team has identified three more malicious Python packages that are believed to be a continuation of the VMConnect campaign: tablediter, request-plus, and requestspro. As happened with the ReversingLabs team's earlier VMConnect research, the team was unable to obtain copies of the Stage 2 malware used in this campaign." The researchers note that the campaign has overlaps with previous attacks attributed to Labyrinth Chollima, a branch of North Korea's Lazarus Group.

New malware exploits OpenFire vulnerability.

Researchers at Aqua have discovered a new malware campaign exploiting an Openfire vulnerability (CVE-2023-32315) that was disclosed in May 2023. The attackers are using the vulnerability to deliver the Kinsing malware, as well as a cryptominer: "This vulnerability leads to a path traversal attack, which grants an unauthenticated user access to the Openfire setup environment. This then allows the threat actor to create a new admin user and upload malicious plugins." The researchers note that there are still 984 vulnerable OpenFire servers connected to the internet, most of which are located in the US, China, and Brazil.

China's GREF deploys tools used against Uyghurs in broader espionage.

ESET says the China-linked threat actor "GREF" is distributing the BadBazaar Android malware via Trojanized versions of Telegram and Signal in the Google Play store and the Samsung Galaxy Store. In this case, the malicious Telegram app, called "FlyGram," was shared in a Uyghur Telegram group. The researchers add that the malicious Signal app, called "Signal Plus Messenger," "represents the first documented case of spying on a victim's Signal communications by secretly autolinking the compromised device to the attacker's Signal device." ESET notes that BadBazaar has been used in the past to target Uyghurs and other Turkic ethnic minorities. Both stores have since removed the malicious apps.
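The DB#JAMMER item above describes brute-force logins against exposed MSSQL instances, which is the kind of activity a defender can spot in the SQL Server error log before any ransomware stage runs. The following is an added example written for this roundup (not code from Securonix or from the report it summarizes): it parses "Login failed for user" lines in the shape SQL Server writes to ERRORLOG, groups failures by client IP, and flags any source that exceeds a threshold of failures inside a sliding time window. The log lines are constructed sample data, and the threshold and window values are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines mimicking SQL Server ERRORLOG "Login failed" entries.
# These are invented for the example; they are not lines from the Securonix report.
SAMPLE_LOG = """\
2023-09-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:01.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:02.00 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:02.30 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:03.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:03.50 Logon       Login failed for user 'backup'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-09-01 10:15:00.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]
2023-09-01 11:30:00.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]
"""

# Timestamp (fraction dropped), the login name that was tried, and the client address.
FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]\s*$"
)


def parse_failed_logins(log_text):
    """Return a list of (timestamp, client_ip, login_name) for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN_RE.match(line)
        if not m:
            continue  # skip unrelated ERRORLOG lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """
    Flag client IPs with at least `threshold` failed logins inside any `window`.
    Returns {ip: summary} for flagged sources only. Threshold and window are
    assumed starting values, not figures from the report.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failed_logins(log_text):
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        # Two-pointer sliding window over the sorted timestamps.
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {
                "attempts": len(events),
                "max_in_window": peak,
                "users": sorted({user for _, user in events}),
                "first": events[0][0],
                "last": events[-1][0],
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} failures, {info['max_in_window']} within window, "
              f"logins tried={info['users']}, {info['first']} .. {info['last']}")
```

On the sample data the 203.0.113.5 source trips the rule with six failures in under three seconds across three different login names, while the two spaced-out failures from 10.0.0.8 look like an ordinary mistyped password and stay quiet. A spread of login names from one source within seconds is the signal to key on; pair this with an alert on any successful login that follows such a burst from the same client.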