Malware

Weekly Malware Roundup – September 25, 2023

greykeep · September 26, 2023 ·

GreyKeep Security Malware Roundup - September 5, 2023

This is the GreyKeep Security Malware Roundup for September 25, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Android
WinRAR
GitHub
GitLab

Azure
Redis
Free Download Manager

Organizations

Azerbaijan
City of Dallas
Middle East telecom
U.S. banks
Latin American banks

Ukrainian Military
Israeli organizations
Political activists/journalists
(Middle East)

Threat Actors

Earth Lusca (China)
Transparent Tribe (Pakistan)

OilRig (Iran)
Stealth Falcon

[Read more…]

Weekly Malware Roundup – September 18, 2023

greykeep · September 18, 2023 ·

This is the GreyKeep Security Malware Roundup for September 18, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Amazon Web Services
(Amplify, Fargate, SageMaker)
Microsoft Windows
Apple MacOS
Facebook Messenger

Google Chrome
Adobe Acrobat
GitHub
Free Download Manager
Webdav

Organizations

MGM Resorts International
Defense
Satellite

Pharmaceutical
Asian power grid
Android banking apps

Threat Actors

Earth Lusca (China)
ALPHV
Cuba (ransomeware group)

Peach Sandstorm (Iran)
Winnti Group/Redfly (China)
Lazarus (N. Korea)

[Read more…]

Weekly Malware Roundup – September 11, 2023

greykeep · September 11, 2023 ·

This is the GreyKeep Security Malware Roundup for September 11, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Android
Windows (NTLMv2)
Windows (Advanced Installer)
Microsoft IIS
Microsoft Teams
Cisco ASA

Apple MacOS
Apple iPhone
Fortinet SSL-VPN
Zoho ManageEngine
Facebook Messenger
IRM Next Generation

Organizations

Ukraine
Cybersecurity researchers

Graphic designers
Hotels and resorts

Threat Actors

North Korea
Lazarus (N. Korea)
APT28/Fancy Bear (Russia)

APT34 (Iran)
Charming Kitten (Iran)
Hive0117

[Read more…]

MinIO Exploit Reveals Novel Cloud Attack Vector

greykeep · September 7, 2023 ·

Photo by Engin Akyurt

Researchers at Security Joes recently discovered threat actors leveraging critical vulnerabilities in MinIO to infiltrate a cloud network. According to the blog post, the attack represents a novel approach to compromising cloud assets using non-native solutions.

[Read more…]

FBI Takes Down Qakbot Botnet in “Duck Hunt”

greykeep · September 1, 2023 ·

Qakbot rubber ducky — Photo by Timothy Dykes

The FBI and Justice Department spearheaded an international law enforcement effort to dismantle the Qakbot botnet. The operation, codenamed “Operation Duck Hunt”, involved agencies from the United States, France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom. Hailed as “the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals,” the operation led to the seizure of $8.6 million in illicit cryptocurrency profits.

[Read more…]