-
Internet troll created a large-scale botnet "Dark Frost" and directed it to the gaming community
An aspiring cybercriminal streamer drops the servers of popular online games live. Akamai specialists have discovered a new botnet that conducts DDoS attacks against ordinary users and entire companies in the gaming industry. According to security researcher Allen West, the "Dark Frost" botnet (originally called "DarknessBotnet") is based on various malware such as Gafgyt, QBot and Mirai, and combines hundreds of infected devices with different architectures. Game companies, game server hosting providers, online streamers, and even ordinary members of the gaming community with whom the attacker came into contact become the targets of the attacks. According to Akamai,...
-
Vulnerable Microsoft IIS Servers Became a Spying Tool for Lazarus Group Hackers
The attacks used an outdated Notepad++ plugin to deliver malware. The AhnLab Security Emergency Response Center (ASEC) reports that North Korean hacker group Lazarus Group is targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers to deploy malware on target systems. According to AhnLab Security, the group uses DLL Sideloading to launch arbitrary payloads. Hackers place a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) through the Windows IIS web server process, w3wp.exe. The attackers then launch a normal application to initiate the execution of the malicious DLL. The malicious library "msvcr100.dll"...
-
New RA Group breaks into cyberspace
A new group of hackers called "RA Group" is attacking pharmaceutical, insurance, financial and manufacturing companies in the US and South Korea with ransomware. The group began operations in April 2023, when hackers launched a site on the dark web to publish stolen data from their victims. For example, hackers use the "double extortion" tactic common among other ransomware groups. According to the Cisco Talos team, the RA Group uses ransomware based on the leaked Babuk ransomware source code. A feature of the RA Group is that in each attack, the victim will receive an individual ransom...
-
Lancefly: a new spy in cyberspace of unknown origin
Symantec Threat Labs reports that a new Lancefly APT group is using a special Merdoor backdoor to attack government, aviation and telecommunications organizations in South and Southeast Asia. Since 2018, Lancefly has been deploying the stealth Merdoor backdoor in targeted attacks for persistence, command execution, and keylogging on corporate networks, according to Symantec. The motive behind the campaigns is believed to be intelligence gathering. Symantec researchers did not discover the original infection vector, but found evidence that Lancefly has been using phishing emails, SSH credential brute force, and exploiting public server vulnerabilities to gain unauthorized access over...
-
BlackCat stole documents from international accounting firm Mazars Group
It is not known what the attack will lead to and whether it will provoke data leaks of large corporations. International audit, accounting and consulting firm Mazars Group has been targeted by ALPHV/BlackCat ransomware. The group reported the theft of company data on its leak site. The ALPHV/BlackCat group claims to have stolen sensitive data from the Mazars Group. The hackers stole over 700GB of data, including customer agreements, financial statements and other sensitive information. Mazars Group is an international professional services provider headquartered in Paris, France. The company was founded in 1940 in France and has since...
-
The FBI was unable to completely eliminate the popular cybercrime Genesis Market
The Genesis Market hacker market, which sold stolen accounts of Netflix, Amazon and other services, continues to operate as if nothing had happened, despite police statements about its liquidation. Last month, the FBI solemnly announced that the cybercrime infrastructure of the Genesis Market had been taken down and that the market itself had been removed from public access on the public internet. However, an identical version of the marketplace hosted on the dark web remains active to this day. The site administrators only "added fuel to the fire" when they placed in the header of the site...
-
European law enforcement officers defeated the Balkan drug cartel
European police detained in Belgrade three people whom they call the "biggest" drug lords of the Balkans. This became possible thanks to the hacking of the encrypted Sky ECC messenger, which was used by criminals to hide their activities from the law. On May 11, law enforcement agencies in Serbia and the Netherlands conducted coordinated raids on suspected cartel leaders and its drug distribution infrastructure, Europol reported. During the operation, 13 suspects were arrested in Serbia, including three ringleaders, 35 houses were searched and almost 3 million euros, 15 expensive cars, a lot of jewelry, watches...
-
Attackers are distributing a new stealer under the guise of CapCut
Fraudsters take advantage of the fact that the application is banned in other countries and offer users alternative download methods. Cybersecurity firm Cyble discovered two campaigns in which attackers distribute malware under the guise of CapCut, a popular video editor for TikTok. CapCut is ByteDance's official video editor for TikTok. The application has more than 500 million downloads on Google Play alone, and more than 30 million users visit the program website per month. The popularity of the app, as well as its ban in Taiwan, India, and other countries, has forced users to look for alternative ways...
-
'Fraud is fun' - Teen accused of hacking scam
Joseph Garrison earned at least $2.1 million. Joseph Garrison, 18, of Madison, Wisconsin, is accused of hacking the sports betting site DraftKings and stealing $600,000 from hundreds of customer accounts. According to federal prosecutors in Manhattan, Garrison used stolen usernames and passwords he bought on the dark web to hack into 60,000 DraftKings accounts last November. He then sold this information to other people who used it to empty 1,600 customer accounts. This hack is called "credential stuffing" and works best when users use the same password and login on different sites. "Fraud is fun," Garrison allegedly wrote...
-
CryptNet: The new Ransomware-as-a-Service with the lowest fees
Cybersecurity experts at ZeroFox discovered an ad on the RAMP dark web forum for a new ransomware-as-a-service (RaaS) service called CryptNet. The announcement was published by a hacker with the nickname "shrinbaba". CryptNet is advertised as being fast and completely inconspicuous with various features and functions, such as the ability to remove shadow copies and disable backup services, as well as encryption without an internet connection and a chat panel for negotiations. According to ZeroFox, CryptNet already managed to infect two victims at the end of April. It is noteworthy that CryptNet gives the hacker 90% of...