
Gotham Security Daily Threat Alerts

October 31, 2014

October 28, The Register – (International) EvilToss and Sourface hacker crew ‘likely’ backed by Kremlin – FireEye. FireEye released a report on an advanced persistent threat (APT) actor dubbed APT28 stating that the group used the Sourface downloader and Chopstick and EvilToss malware to attack NATO, Eastern European governments, European defense industry events, the World Bank, and other national and international organizations. The researchers stated that APT28 has been active since 2007 and was likely backed by the Russian government. Source

October 28, Securityweek – (International) Attackers exploit ShellShock via SMTP to distribute malware. Binary Defense Systems researchers reported that attackers are leveraging the ShellShock vulnerability in GNU Bash to target servers by adding the ShellShock payload to email subject, from, and to fields, abusing the Simple Mail Transfer Protocol (SMTP). If a system is compromised, a Perl-based IRC bot is downloaded and the SMTP gateway is added to a botnet designed for distributed denial of service (DDoS) attacks. Source
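A detection sketch for the delivery path described in this item, added here as an example and not taken from the Binary Defense Systems report: it flags messages whose Subject, From, or To header carries the Bash function-definition prefix `() {` that ShellShock parsing keys on. The function name, header list, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# A ShellShock value begins a Bash function definition: "()" then "{",
# with optional whitespace (including a folded header line) between them.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# The three header fields named in the report summary above.
CHECKED_HEADERS = ("Subject", "From", "To")


def scan(raw_message):
    """Return (header, unfolded value) for each checked header that matches."""
    msg = message_from_string(raw_message)
    hits = []
    for name in CHECKED_HEADERS:
        for value in msg.get_all(name, []):
            value = str(value)
            # Match on the raw value so a payload split across a folded
            # header line is still caught, then unfold it for reporting.
            if SHELLSHOCK_RE.search(value):
                hits.append((name, " ".join(value.split())))
    return hits


# Constructed sample: ordinary mail whose subject has parentheses and braces.
SAMPLE_CLEAN = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: Meeting notes (draft) {v2}\n"
    "\n"
    "See attached.\n"
)

# Constructed sample: harmless marker command, one payload in a folded Subject.
SAMPLE_FLAGGED = (
    "From: () { :; }; echo CONSTRUCTED-MARKER\n"
    "To: bob@example.com\n"
    "Subject: status ()\n"
    " { :; }; echo CONSTRUCTED-MARKER\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for label, raw in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        print(label, scan(raw))
```

Subjects that legitimately quote shell code such as `foo() { ... }` will also match, so treat a hit as a triage signal next to patching Bash on the mail gateway.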

October 28, IDG News Service – (International) ‘ScanBox’ keylogger targets Uyghurs, US think tank, hospitality industry. Researchers at PricewaterhouseCoopers found that the ScanBox keylogging framework may be in use by several attacker groups, after it was found performing keylogging attacks on a variety of Web sites, including a U.S. think tank and other sites. ScanBox was first discovered in August and uses JavaScript rather than installing malware to collect keystrokes and other information. Source

October 28, Softpedia – (International) Sophisticated Chinese espionage group after Western advanced technology. A group of security and information technology companies coordinated by Novetta released a report into an advanced persistent threat (APT) group dubbed Axiom Group that has used the Hikit malware family and other tools to target government agencies, law enforcement, aerospace, manufacturers, media, communications, pharmaceutical, energy, educational, and other institutions in the U.S. and several other countries since 2008. The researchers stated that the group originates in China and appears to choose targets in line with Chinese government policies. Source

October 27, Securityweek – (International) Targeted attacks against businesses jump: Kaspersky Lab. Kaspersky Lab and B2B International released the results of a survey covering 3,900 respondents in 27 countries and found that 94 percent of businesses surveyed reported at least one cybersecurity incident in the past 12 months, with 12 percent of the countries surveyed reporting one or more targeted attacks, among other findings. Source

