#backdoor

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. "The group has shown the ability to

Categories: News Tags: 3CX Tags: supply-chain Tags: sideload Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. (Read more...) The post 3CX desktop app used in a supply chain attack appeared first on Malwarebytes Labs.

By Deeba Ahmed An unidentified Chinese APT group is suspected of operating the Mélofée malware. This is a post from HackRead.com Read the original post: Mélofée: The Latest Malware Targeting Linux Servers

By Deeba Ahmed The new MacStealer malware is being advertised on a notorious Russian hacker and cybercrime forum. This is a post from HackRead.com Read the original post: Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. One of the artifacts is designed to drop a kernel-mode rootkit that's based on an open source project referred to as

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in the tools directory and gain full system access. Successful exploitation results in root command execution using sudo as user optergy.

An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization (DRDO), the research and development wing of India's Ministry of

By Deeba Ahmed The backdoors used in this campaign are never-before-seen malware strains called CommonMagic and PowerMagic. This is a post from HackRead.com Read the original post: New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a