Tag: backdoor
-
Russia-linked APT29 targets European diplomats with new malware
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
-
China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks
Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-linked-hackers-brickstorm-backdoors-european-networks
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
Introduction: The Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
-
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-brickstorm-backdoor/
-
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier…
-
Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems
A sophisticated cyber espionage campaign leveraging the newly identified BRICKSTORM malware variants has targeted European strategic industries since at least 2022. According to NVISO’s technical analysis, these backdoors, previously confined to Linux vCenter servers, now infect Windows environments, employing multi-tiered encryption, DNS-over-HTTPS (DoH) obfuscation, and cloud-based Command & Control (C2) infrastructure to evade detection. The…
-
BRICKSTORM Backdoor Targets European Industries
In a recent technical expose, NVISO sheds light on BRICKSTORM, a stealthy espionage backdoor attributed to the China-nexus First seen on securityonline.info Jump to article: securityonline.info/brickstorm-backdoor-targets-european-industries/
-
European Companies Infected With New Chinese-Nexus Backdoor
Threat Actors Deploy Obfuscation Tactics to Target Windows Machines. Likely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/european-companies-infected-new-chinese-nexus-backdoor-a-28009
-
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats
Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages, errr, victims, and delivers a novel backdoor, GrapeLoader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/wine-inspired-phishing-eu-diplomats
-
BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks
A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as a stealthy and dangerous tool for compromising networks. According to security experts at Trend Micro, BPFDoor is a state-sponsored backdoor attributed to the advanced persistent threat (APT) group known as Earth Bluecrow (also referred to as Red Menshen). This malware…
-
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to… First seen on hackread.com Jump to article: hackread.com/fortinet-fixe-attackers-bypass-patches-maintain-access/
-
Ransomware attacks exploit Windows vulnerability
Tags: access, backdoor, bug, cve, cvss, cyberattack, exploit, kaspersky, malware, microsoft, ransomware, update, vulnerability, windows. Cybercriminals are abusing a security vulnerability in Windows to deliver backdoor malware and ransomware. Security researchers at Microsoft have discovered a vulnerability in the Windows CLFS (Common Log File System) driver that grants attackers system privileges. It is tracked as CVE-2025-29824 and has a high severity rating with a CVSS score of 7.8. According to a blog post by the researchers, the vulnerability has already been…
-
You will never forget the day you caught FamousSparrow
ESET researchers uncover tools of the APT group FamousSparrow, including two undocumented versions of “SparrowDoor”, the backdoor developed by the group. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/ihr-werdet-den-tag-nie-vergessen-an-dem-ihr-famoussparrow-geschnappt-habt/
-
Dino malware: analysis of another espionage cartoon
After Casper, Bunny and Babar, we have discovered another espionage cartoon, which its developers call Dino. It is a sophisticated backdoor trojan that was presumably developed by the already known hacker group ‘Animal Farm’, which is also behind the other espionage cartoons. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/06/30/dino-malware-analyse-eines-weiteren-spionage-cartoons/
-
UK-Apple backdoor hearing should be public, tribunal rules
First seen on scworld.com Jump to article: www.scworld.com/brief/uk-apple-backdoor-hearing-should-be-public-tribunal-rules
-
UK Loses Bid for Complete Secrecy Over Apple Backdoor Demand
Independent Tribunal Rules That at Least ‘Bare Details’ of Case Can Be Made Public. The British government has lost its bid to maintain absolute secrecy over its attempt to compel Apple to provide backdoor access to users’ encrypted data, ruled Britain’s independent Investigatory Powers Tribunal. Whether any further details will get released publicly remains unclear.…
-
Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/windows-hijacking-neptune-rat-telegram-youtube
-
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
A newly identified Linux backdoor named “Auto-Color,”…
-
UK court lifts secrecy veil, confirms Apple is suing British government over ‘backdoor’ request
A UK court confirmed Apple is suing the British government over a legal order regarding the company’s encryption of iCloud accounts. First seen on therecord.media Jump to article: therecord.media/uk-court-confirms-apple-suing-over-backdoor-request
-
UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied
Last month’s secret hearing comes to light First seen on theregister.com Jump to article: www.theregister.com/2025/04/07/home_office_apple_backdoor/
-
Tribunal denies UK’s attempt to keep details of Apple ‘backdoor’ case secret
Last month’s secret hearing comes to light First seen on theregister.com Jump to article: www.theregister.com/2025/04/07/home_office_apple_backdoor/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure; Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor; Advancements in delivery: Scripting with Nietzsche; Analyzing New HijackLoader Evasion Tactics; Malicious Python…
-
Multiple backdoors spread through fake AI, business tools
First seen on scworld.com Jump to article: www.scworld.com/news/multiple-backdoors-spread-through-fake-ai-business-tools
-
EU Pushes for Backdoors in End-to-End Encryption
European Commission Demands Law Enforcement Access to Data. The European Commission’s ProtectEU strategy aims to overhaul internal security, proposing law enforcement access to encrypted data by 2026 and a roadmap to explore lawful encryption backdoors and enhanced intelligence-sharing between EU member states and agencies to combat rising cyber threats. First seen on govinfosecurity.com Jump to…
-
FIN7 Uses Python-Based Anubis Backdoor in Windows Attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/fin7-uses-python-based-anubis-backdoor-in-windows-attacks
-
Anubis backdoor deployed in new Windows-targeted FIN7 attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/anubis-backdoor-deployed-in-new-windows-targeted-fin7-attacks

