New NewsPenguin Group uses spyware to steal Pakistan Navy Technology

    Information security company BlackBerry reports that a previously unknown attacker called NewsPenguin is running a phishing campaign targeting Pakistani organizations using the upcoming international maritime expo (PIMEC-23) as bait.

    The cybercriminal sent out spear-phishing emails with an attached document purporting to be a guide for PIMEC-23 participants. According to experts, the attacks target organizations associated with the marine environment and event attendees.

    Once the document is opened, a technique called Remote Template Injection is used to fetch the next-stage payload from the attacker's server, which is configured to return the artifact only when the request comes from an IP address in Pakistan.

    BlackBerry researchers found that the server hosted two passwordless ZIP archives, one containing a DLL and the other a Windows executable (updates.exe) that acts as a stealthy spying tool capable of evading sandboxes and virtual machines.

    Dmitry Bestuzhev, a threat researcher at BlackBerry, said the spyware was written from scratch and specifically tailored for the campaign. To keep the malware undetected, there is a five-minute delay between each request, he said.

    The implant has the following features:

    • self-removal on detection or on completion of the operation;
    • exfiltration of sensitive data from the victim's system;
    • deletion of files;
    • execution of applications on the victim's system;
    • collection of information about files of interest on the system.

    Moreover, the content of the binary is XOR-encrypted with the key "penguin", which is the origin of the name NewsPenguin. However, BlackBerry has found no TTPs that match any currently known attacker or group.

    An analysis of the domain hosting the payloads shows that it was registered on June 30, 2022, indicating that the campaign was planned well in advance while the toolset was being iterated on.

    BlackBerry said that because the campaign targets an event organized by the Pakistan Navy, the purpose of the attacks is not profit but the theft of the most valuable files: information about the conference's subject matter, the people networking there and the technologies presented at it.

    Author DeepWeb