
Microsoft catches Russian hackers targeting foreign embassies

Source: Ars Technica

TL;DR (AI generated)

Microsoft has identified Russian state hackers targeting foreign embassies in Moscow with custom malware delivered through adversary-in-the-middle attacks at the ISP level. The campaign, ongoing since last year, relies on ISPs in Russia, which are compelled to assist the Russian government. The threat group, known as Secret Blizzard, intercepts traffic between the embassies and the sites they connect to and redirects it to malicious websites. The operation, named ApolloShadow, is the first confirmation of such cyber-espionage capability at the ISP level, making diplomatic personnel in Russia vulnerable targets.


Similar Articles

HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Tom's Hardware
CanisterWorm malware wipes Iranian machines for no apparent reason — sophisticated attack spreads through npm packages and uses ICP canister as control surface

A hacking group named TeamPCP has developed the CanisterWorm malware, which targets Iranian machines and wipes their contents without a clear motive. The malware spreads through npm packages and uses an ICP canister as a control surface, making it a sophisticated and unique attack. The group's previous activities focused on monetary gain, but this latest version of the malware seems to be more about showcasing their capabilities. The attack was initiated through a hack on the Trivy open-source vulnerability scanner software, highlighting the importance of securing software publishing infrastructure. The ICP protocol, which the malware utilizes, has strict security measures in place to prevent unauthorized access and takedowns.

Tom's Hardware
Self-propagating malware poisons open source software and wipes Iran-based machines

A hacking group named TeamPCP is spreading a new self-propagating backdoor and data wiper targeting Iranian machines. The group has been using a worm to compromise cloud-hosted platforms for various malicious activities like data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. TeamPCP recently compromised the Trivy vulnerability scanner through a supply-chain attack and spread potent malware that automatically infects new machines without user interaction. The malware targets npm repository access tokens and creates new versions of packages with malicious code. The worm is controlled by a tamper-proof mechanism using an Internet Computer Protocol-based canister, allowing attackers to constantly change control server URLs.

Ars Technica
Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

A new vulnerability called Zombie ZIP allows malware to bypass 95% of antivirus apps by disguising compressed data as uncompressed in ZIP files. This trick evades detection as the data appears as random bytes to antivirus software. The flaw has been exploited in a proof-of-concept Python script that can easily extract malware from corrupted ZIP files. Security experts recommend caution with ZIP files until antivirus solutions catch up with this issue.

Tom's Hardware