BTC $67852.9739
ETH $3736.2149
BNB $594.1050
SOL $166.3084
stETH $3737.5409
XRP $0.5205
DOGE $0.1591
TON $6.4684
ADA $0.4483
AVAX $36.6282
wstETH $4364.4066
WETH $3735.5591
WBTC $67858.8270
LINK $18.0942
DOT $7.0439
TRX $0.1115
UNI $10.7640
BCH $466.7070
MATIC $0.7008
LTC $83.1200
PEPE $0.0000
FET $2.2174
ICP $12.0845
RNDR $10.1413
DAI $1.0003
weETH $3885.0119
CAKE $2.7829
NEAR $7.3740
IMX $2.2369
ETC $29.7637
APT $9.1185
BSC-USD $0.9980
ezETH $3690.9774
HBAR $0.1015
WIF $3.4172
KAS $0.1371
MNT $0.9891
FIL $5.7764
FDUSD $1.0004
USDE $1.0012
GRT $0.3067
ATOM $8.5810
STX $1.9200
OKB $45.3609
TAO $394.5777
XMR $145.0854
ENS $25.5453
BTC $67852.9739
ETH $3736.2149
BNB $594.1050
SOL $166.3084
stETH $3737.5409
XRP $0.5205
DOGE $0.1591
TON $6.4684
ADA $0.4483
AVAX $36.6282
wstETH $4364.4066
WETH $3735.5591
WBTC $67858.8270
LINK $18.0942
DOT $7.0439
TRX $0.1115
UNI $10.7640
BCH $466.7070
MATIC $0.7008
LTC $83.1200
PEPE $0.0000
FET $2.2174
ICP $12.0845
RNDR $10.1413
DAI $1.0003
weETH $3885.0119
CAKE $2.7829
NEAR $7.3740
IMX $2.2369
ETC $29.7637
APT $9.1185
BSC-USD $0.9980
ezETH $3690.9774
HBAR $0.1015
WIF $3.4172
KAS $0.1371
MNT $0.9891
FIL $5.7764
FDUSD $1.0004
USDE $1.0012
GRT $0.3067
ATOM $8.5810
STX $1.9200
OKB $45.3609
TAO $394.5777
XMR $145.0854
ENS $25.5453
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • For 14 years, Mahagrass spied on South Asian networks

    Hackers now have a new way to spread the Remcos Trojan.

    The Chinese defense company Qi'anxin found that the APT-Q-36 group (Mahagrass, Patchwork, Dropping Elephant, and Hangover) was up to new tricks. The group, which has roots in South Asia, has been spying online since 2009. Their major targets have been Asian government and military institutions, as well as groups working in energy, industry, science, education, politics, and economics.

    The group recently spread the Remcos Remote Access Trojan (RAT) using the Spyder Loader. Attackers often use this Trojan to spy on computers and steal private data. The attacker's goal is clear.

    Spyder can download and run executable files from a Command and Control (C2) server. It has been changed several times in the past few months. It was noticed that encrypted strings were used to hide static from security programs and that the data format was changed so that it could be sent to C2 servers.

    Pakistan, Bangladesh, and Afghanistan were named as possible places to attack. This shows that attackers are very focused and deliberate in their efforts to stay hidden and finish their missions to gather information.

    Qi'anxin tells users to be careful and stay away from sketchy links on social networks and email attachments from people you don't know. They should also not run strange files or install software from sources you don't trust. Cybersecurity is still a big issue because these kinds of groups are always coming up with new ways to attack and get around defenses.

    As we may remember, HP Wolf Security's most recent cybersecurity report for the third quarter of 2023 shows that the number of campaigns using RAT Trojans has grown significantly. RATs are being used more and more, and they are often hidden in Excel and PowerPoint files that look like they are safe and are attached to emails.

    Also, in September, a large-scale phishing campaign was found in Colombia that was aimed at more than 40 big companies in a range of industries. The attackers' plan was to sneakily put Remcos RAT on the computers of company workers so they could get more information and hack the computers even more.

    Also, Symantec revealed a string of attacks in 2022 that were linked to the APT41 (Winnti) group. These attacks targeted Hong Kong government agencies and, in some cases, went unnoticed for a year. It was their "calling card" to use the Spyder Loader in these attacks, and they had done so in other strikes before.

    Author reign3d
    Credentials are the most delectable treat for cybercriminals
    Understanding Backdoors: Their Role and Impact in Digital Security

    Comments 0

    Add comment