Tag: backdoor
-
CAPI Backdoor targets Russia’s auto and e-commerce sectors
A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. SEQRITE Labs Research Team has recently uncovered a…
-
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based…
-
Government considered destroying its data hub after decade-long intrusion
Tags: access, backdoor, breach, china, data, detection, endpoint, exploit, government, group, Hardware, incident response, infrastructure, network, risk, spy, supply-chain, threat, tool, vpn, vulnerability
Bridewell, a supplier to the UK government critical network infrastructure, endorsed the severity of this approach. He said, “it’s like when a device is compromised, the only way to truly be sure there are no remnants, or unidentified backdoors is to restore the asset to a known good state. In the physical realm, in particular…
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerability
F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability
Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
-
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a…
-
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. “This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other…
-
Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor
The post Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/mysterious-elephant-apt-campaign-targets-south-asian-diplomacy-steals-whatsapp-data-with-new-memloader-backdoor/
-
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates
Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery…
-
China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor
The post China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-backed-flax-typhoon-apt-maintained-year-long-access-by-turning-arcgis-soe-into-web-shell-backdoor/
-
Chinese gang used ArcGIS as a backdoor for a year and no one noticed
Crims turned trusted mapping software into a hideout – no traditional malware required First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/chinese_hackers_arcgis_backdoor/
-
MiniJunk backdoor and MiniBrowse stealer: Iranian group attacks the defense and aerospace industry in Europe
Tags: backdoor
First seen on security-insider.de Jump to article: www.security-insider.de/iranische-hackergruppe-nimbus-manticore-erweitert-angriffe-europa-a-10b405b20d7c842a2222ec14e364b7a5/
-
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish remote backdoors for complete system control. A newly identified threat actor known as TigerJack has…
-
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…
-
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to…
-
Court dismisses Apple’s appeal against Home Office backdoor
Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
-
SonicWall VPNs face a breach of their own after the September cloud-backup fallout
What defenders should watch out for: Huntress highlighted that, in a few cases, successful SSLVPN authentication was followed by internal reconnaissance traffic or access attempts to Windows administrative accounts. Additionally, logins originating from a single recurring public IP may suggest a coordinated campaign rather than random credential reuse. On top of the steps outlined in SonicWall’s…
-
The solar power boom opened a backdoor for cybercriminals
Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/14/solar-power-systems-cyber-threats/
-
Apple and Home Office agree to drop legal claim over encryption backdoor
Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor