The World Hacking News

 A worrying new kind of software supply chain attack has surfaced, one that uses abandoned Amazon S3 buckets to spread malicious binaries to open source projects. Threat actors can now utilise these infected buckets to serve rogue binaries to unwitting users without changing the original modules themselves. Guy Nachshon, a Checkmarx researcher, has shed light on this attack vector and discovered that the malicious binaries are made to collect private data, such as user IDs, passwords, local machine environment variables, and local host names. The hijacked bucket is subsequently used to exfiltrate the stolen data, giving threat actors access to it for their own purposes. The attack was first identified in connection with the npm package bignum. Up until version 0.13.0 of the package, installation required downloading pre-built binary versions of the node-pre-gyp addon from an Amazon S3 bucket. However, a hostile third party has now claimed a defunct S3 bucket on which the binaries w...

Russian threat actor Shuckworm, a member of the Federal Security Service (FSB) of Russia, has stepped up its cyberattack campaign targeting Ukrainian organisations in an effort to infiltrate their environments and steal important data. According to a Symantec analysis, the most common targets of the current breaches, which started in February or March 2023, were security services, military, and governmental organisations.                               The cybersecurity firm disclosed that the Russian gang had carried out persistent breaches, some of which lasted as long as three months. During these attacks, Shuckworm's goal is to access sensitive data and exfiltrate it. Reports on the fatalities of Ukrainian service members, enemy engagements and airstrikes, reports on the inventory of the armament, reports on training, and more make up the targeted data. Shuckworm has been active at least since 2...

The General Staff Main Intelligence Directorate (GRU), according to Microsoft, is linked to Cadet Blizzard, a newly detected Russian threat actor. Due to its disruptive actions, the group's distinguishing designation has been given by the tech giant's Threat Intelligence division, which was previously tracking it as DEV-0586. Microsoft claims that despite Cadet Blizzard's high risk, it has less operational security than more established and sophisticated Russian outfits like Seashell Blizzard and Forest Blizzard.                                                             First discovered in January 2022, Cadet Blizzard committed in damaging cyberattacks against Ukraine, mainly employing a special malware called WhisperGate or PAYWIPE, a wiper. These assaults took place in the days before Russia's armed invasi...

It has been revealed that the LockBit ransomware-as-a-service (RaaS) group has extorted an incredible $91 million from numerous U.S. organisations since 2020 in a joint bulletin released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Centre (MS-ISAC), and other partner authorities from around the world. LockBit has become one of the most successful and cutting-edge ransomware operations to date as a result of this criminal spree, which significantly disrupted crucial infrastructure sectors.                                                             The bulletin provided insight into the inner workings of the LockBit cartel and was produced in partnership with agencies from Australia, Canada, Franc...

 Recently discovered payloads have been linked to the Romanian threat actor Diicot, according to cybersecurity specialists. The results revealed the group's growing capacity, particularly its potential to launch distributed denial-of-service (DDoS) attacks. The researchers point out the relevance of the name Diicot, which also corresponds to the Romanian organised crime and anti-terrorism enforcement unit. It was revealed in a technical report by Cado Security. The investigation also finds that materials from Diicot's efforts use language and imagery that allude to this group, suggesting a possible connection. Diicot, formerly known as Mexals, was first discovered by Bitdefender in July 2021 using a Go-based SSH brute-forcer tool named Diicot Brute to infiltrate Linux systems as part of a cryptojacking effort. Akamai revealed a resurgence of the group's activity in April of this year, which they suspect began around October 2022 and resulted in about $10,000 in illegal reve...

 Recent observations of the notorious threat actor ChamelGang deploying a previously unknown Linux implant represent a substantial increase of their capabilities. By using DNS-over-HTTPS (DoH) tunnelling, the recently found virus, known as ChamelDoH by cybersecurity company Stairwell, communicates and engages in destructive operations. Positive Technologies initially revealed ChamelGang in September 2021, outlining their attacks on crucial businesses in several nations. The specifics of ChamelDoH, its distinctive communication mechanism, and the shifting strategies used by ChamelGang are covered in this article.                                                  ChamelGang's Background and Attack Patterns: ChamelGang's actions, which hit the aviation, energy, and fuel industries in Russia, the U.S., India, Nepal, Taiwan, and Japan, were firs...

Ruslan Magomedovich Astamirov, a Russian national, has been charged by the U.S. Department of Justice (DoJ) for allegedly helping to spread the infamous LockBit ransomware. Between August 2020 and March 2023, Astamirov is suspected of planning many attacks on victims in the United States, Asia, Europe, and Africa. Authorities were able to link a portion of a victim's ransom payment to his virtual currency address, leading to his capture in Arizona last month. This article offers a thorough study of Astamirov's accusations, the LockBit ransomware's global effects, and the ongoing battle against hackers.                                                   Arrest and Charges: A 20-year-old man from the Chechen Republic named Ruslan Magomedovich Astamirov has been detained and charged in the United States for allegedly helping to spread the Lock...

 Since October 2022, a zero-day vulnerability in Barracuda Email Security Gateway (ESG) equipment has been exploited by an unknown cyber threat actor going by the handle UNC4841, who is thought to have connections to China. The gang has been waging a broad and aggressive espionage campaign against international organisations. The attack, the questioned vulnerability, the strategies used by UNC4841, and the overall effects of this cyber campaign are all thoroughly examined in this essay.                                                                                  The Zero-Day Vulnerability and Exploitation: The serious severity of the zero-day bug, CVE-2023-2868, is indicated by its CVSS score of 9.8. The Barracuda Email Security Gateway ...

Progress Software recently disclosed a number of serious vulnerabilities affecting their MOVEit Transfer tool. The business issued a warning that these flaws might result in data breaches, unauthorised access to the environment, and privilege escalations. The disclosure follows extortion strategies used by the Cl0p cybercrime organisation, which targeted businesses afflicted by the flaws. The specifics of the vulnerabilities, their possible effects on impacted organisations, and the broader ramifications for cybersecurity will all be covered in this article. Overview of MOVEit Transfer Vulnerabilities: Three flaws were found in the MOVEit Transfer programme by Progress Software. Two of these flaws were connected to SQL injection attacks, but the third has not yet been given a CVE number. The SQL injection flaws can be used to access the application's database without authorization. A similar risk of privilege escalation and unauthorised access to the environment is also present due...