DLL side-loading – Threat Note

From The Hacker News – China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was

shaikh Saqib April 1, 2025

Vulnerabilities

From Cybersecurity Help – Russian Gamaredon APT targeting Ukraine with malicious LNK files in new Remcos campaign

The malicious LNK files are disguised as legitimate files, with filenames using Russian terms related to military movements in Ukraine. Read More

Samir K March 31, 2025

News

From The Hacker News – Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to

shaikh Saqib March 31, 2025

News

From Cyber Security News – 12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury

The U.S. Department of Justice (DOJ) unsealed indictments today against 12 Chinese nationals linked to state-sponsored cyber espionage campaigns targeting the U.S. Treasury Department, religious organizations, media outlets, and critical…

shaikh Saqib March 6, 2025

News

From The Hacker News – FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday

shaikh Saqib February 25, 2025

Vulnerabilities

From Cybersecurity Help – China-linked Green Nailao campaign targets European orgs with ShadowPad and PlugX

The campaign exploited a recently-patched vulnerability in Check Point network gateway security products. Read More

shaikh Saqib February 20, 2025

News

From The Hacker News – Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)

shaikh Saqib February 20, 2025

News

From The Hacker News – Hackers Exploited PAN-OS Flaw to Deploy Chinese Malware in Ransomware Attack

An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had

shaikh Saqib February 13, 2025