9/1/2023

Signal 88 security pay

Researchers at Halcyon have published a report looking at command-and-control providers used by ransomware gangs. Specifically, the researchers point to the Cloudzy virtual private server (VPS) provider as “the common service provider supporting ransomware attacks and other cybercriminal endeavors.” Cloudzy is incorporated in the US, but the researchers believe the company “almost certainly operates out of Tehran, Iran – in possible violation of U.S.” The researchers state, “Threat actors that are assessed to be leveraging Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.”

CYFIRMA researchers describe a cyberespionage campaign that uses a bogus app, “SafeChat,” to install spyware onto targeted Android devices. The payload is believed to be an Android version of Coverlm, malware that captures call logs, texts, and geolocations. The targets seem concentrated in South Asia, notably in Pakistan, and BleepingComputer says the activity is associated with an Indian government APT, Bahamut. Some observers have attributed the operation to “mercenaries,” but CYFIRMA's report disagrees. “We are unable to disclose the specific target location of the sensitive cyber-attack, due to its sensitivity and security concerns,” the company's report says. “However, we can confirm that the target serves the interests of one nation state government. While some security organizations initially identified the threat as originating from a mercenary group, our own analysis indicates that it is, in fact, an Indian APT group acting on behalf of one nation state government. Several reasons support this conclusion.”

The Hacker News reports that another group, “Patchwork,” also believed to have ties to Indian operators, is deploying the EyeShell backdoor against Chinese universities and research institutes. Researchers at the KnownSec 404 Team note that the activity, which also prospects some targets in Pakistan, shows some overlaps with SideWinder and the DoNot Team, both of which have also been associated with India.

BleepingComputer reports that attackers are exploiting the BleedingPipe remote code execution vulnerability affecting many Minecraft mods running on Forge.