Tag: backdoor
-
Operation SkyCloak Targets Russian/Belarusian Military With LNK Exploit and OpenSSH Over Tor Backdoor
The post Operation SkyCloak Targets Russian/Belarusian Military With LNK Exploit and OpenSSH Over Tor Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-skycloak-targets-russian-belarusian-military-with-lnk-exploit-and-openssh-over-tor-backdoor/
-
Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor
The post Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sandworm-apt-attacks-belarus-military-with-lnk-exploit-and-openssh-over-tor-obfs4-backdoor/
-
Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor
The post Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sandworm-apt-attacks-belarus-military-with-lnk-exploit-and-openssh-over-tor-obfs4-backdoor/
-
Hackers Hide SSHTor Backdoor Inside Weaponized Military Documents
In October 2025, cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated malware campaign distributing weaponized ZIP archives disguised as military documents. The attack specifically targeted Belarusian military personnel through a lure document titled >>ТЛГ на убытие на переподготовку.pdf
-
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks
North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent DPRK-aligned hacking groups: Kimsuky’s newly identified HttpTroy backdoor and an upgraded version of Lazarus’s BLINDINGCAN…
-
Massive Tata Motors Data Leak Exposes 70+ TB of Sensitive Information
Tata Motors, India’s largest automaker and a major player in the global automotive industry, suffered a catastrophic data exposure that revealed over 70 terabytes of sensitive information through multiple security failures. The breaches, discovered in 2023, involved exposed AWS credentials on public-facing websites, encrypted keys that were easily decrypted, a Tableau backdoor with zero authentication…
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations
Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threatAdvanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
-
âš¡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Security, trust, and stability, once the pillars of our digital world, are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior.Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than…
-
Data sovereignty proof: How to verify controls like ‘Project Texas’
“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
-
Data sovereignty proof: How to verify controls like ‘Project Texas’
“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
-
Week in review: Actively exploited Windows SMB flaw, trusted OAuth apps turned into cloud backdoors
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most AI privacy research looks the wrong way Most research on LLM privacy has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/26/week-in-review-actively-exploited-windows-smb-flaw-trusted-oauth-apps-turned-into-cloud-backdoors/
-
Telegram Messenger Abused by Android Malware to Seize Full Device Control
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately 20,000 active infections currently being monitored. This threat represents a significant escalation in mobile malware…
-
Telegram Messenger Abused by Android Malware to Seize Full Device Control
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more than 58,000 devices worldwide, with approximately 20,000 active infections currently being monitored. This threat represents a significant escalation in mobile malware…
-
Souverän in der Cloud: Adfinis und enclaive sichern die Software Supply Chain
Adfinis, ein international agierender IT-Dienstleister für Open-Source-Lösungen, und das deutsche Confidential-Computing-Unternehmen enclaive geben ihre neue Partnerschaft bekannt. Die Kooperation kombiniert moderne Verschlüsselungstechnologien mit einem durchgängigen IT-Lifecycle-Ansatz und stärkt die Sicherheit und Souveränität in Cloud-Umgebungen. Cyberattacken zielen immer häufiger auf die Software-Lieferkette: Angreifer schleusen Backdoors, Malware oder Schwachstellen in Open-Source-Komponenten ein, um sich später Zugang… First…
-
Souverän in der Cloud: Adfinis und enclaive sichern die Software Supply Chain
Adfinis, ein international agierender IT-Dienstleister für Open-Source-Lösungen, und das deutsche Confidential-Computing-Unternehmen enclaive geben ihre neue Partnerschaft bekannt. Die Kooperation kombiniert moderne Verschlüsselungstechnologien mit einem durchgängigen IT-Lifecycle-Ansatz und stärkt die Sicherheit und Souveränität in Cloud-Umgebungen. Cyberattacken zielen immer häufiger auf die Software-Lieferkette: Angreifer schleusen Backdoors, Malware oder Schwachstellen in Open-Source-Komponenten ein, um sich später Zugang… First…
-
Microsoft stoppt Ransomware-Angriffe auf Teams-Nutzer
Eine Ransomware-Bande hat gefälschte MS Teams-Installationsprogramme verwendet, um Nutzer anzugreifen.Durch die zunehmende Verbreitung von Remote-Work geraten Collaboration-Tools immer wieder in das Visier von Cyberkriminellen. Microsoft entdeckte vor kurzem eine Angriffskampagne der Ransomware-Bande Vanilla Tempest, die auf gefälschten Teams-Installationsprogrammen basiert. Die Angreifer verwendeten dazu imitierte MSTeamsSetup.exe-Dateien, die auf bösartigen Domains gehostet wurden. Ziel war es, ahnungslose…
-
Phishing campaign across Mideast, North Africa is attributed to Iranian group
The well-known Iranian cyber-espionage operation tracked as MuddyWater spread backdoor malware in recent months through a compromised email account, researchers said. First seen on therecord.media Jump to article: therecord.media/iran-muddywater-phishing-campaign-north-africa-middle-east
-
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting trusted communication channels to infiltrate high-value targets. MuddyWater launched the operation by accessing a compromised…
-
Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node
The post Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-linked-muddywater-deploys-phoenix-v4-backdoor-via-compromised-emails-and-nordvpn-exit-node/
-
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iranian-hackers-targeted-over-100-govt-orgs-with-phoenix-backdoor/
-
Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks
South Asian hacking group Bitter (APT-Q-37) is deploying a C# backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors. First seen on hackread.com Jump to article: hackread.com/bitter-apt-winrar-vulnerability-backdoor-attacks/
-
F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/f5-big-ip-source-code-leak-tied-to-state-linked-campaigns-using-brickstorm-backdoor
-
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.The end goal of the campaign is to infiltrate high-value targets and…
-
MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor
The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/muddywater-100-gov-entites-mea-phoenix-backdoor
-
Attackers turn trusted OAuth apps into cloud backdoors
Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/22/attackers-turn-trusted-oauth-apps-into-cloud-backdoors/
-
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter”, also tracked as APT-Q-37″, has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
-
PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor
The post PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/passiveneuron-cyberespionage-resurfaces-apt-abuses-ms-sql-servers-to-deploy-stealthy-neursite-backdoor/
-
Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro
The post Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bitter-apt-attacks-china-pakistan-with-winrar-zero-day-and-new-c-backdoor-via-office-macro/