Tag: powershell

The most notorious and damaging ransomware of all time

Mar 14, 2025 9:52 AM

Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows

Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
Fake CAPTCHA Malware Exploits Windows Users to Run PowerShell Commands

Mar 13, 2025 10:52 AM

Tags: attack, captcha, cyber, data, exploit, malicious, malware, powershell, windows

In early February 2025, Trustwave SpiderLabs uncovered a resurgence of a malicious campaign leveraging fake CAPTCHA verifications to deliver malware. This campaign uses deceptive CAPTCHA prompts to trick users into executing PowerShell commands, initiating a multi-stage attack chain. The end goal is to deploy infostealer malware such as Lumma and Vidar, which exfiltrate sensitive data…
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

Mar 10, 2025 8:54 PM

Tags: attack, breach, cyber, hacker, malicious, north-korea, phishing, powershell, tactics

North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
Lumma Stealer Using Fake Google Meet Windows Update Sites to Launch “Click Fix” Style Attack

Mar 8, 2025 6:53 AM

Tags: attack, cyber, cybersecurity, google, malicious, malware, powershell, social-engineering, tactics, update, windows

Cybersecurity researchers continue to track sophisticated >>Click Fix
Decrypting the Forest From the Trees

Mar 6, 2025 7:54 PM

Tags: api, computer, container, control, credentials, data, endpoint, least-privilege, microsoft, network, password, powershell, service, update

TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via the Administration Service API. Introduction While Duane Michael, Chris Thompson, and I were originally working on the Misconfiguration Manager project, one of the tasks I took…
InvokeADCheck New Powershell Module for Active Directory Assessment

Mar 6, 2025 7:54 PM

Tags: cyber, powershell, tool

Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline Active Directory (AD) assessments. Created by Niels Hofland and colleague Justin, this tool aims to address the challenges faced by IT administrators and security professionals in efficiently evaluating AD environments. Streamlining AD Assessment Process InvokeADCheck offers a comprehensive solution for…
We’re losing”Š”, “Šbut it can’t get any worse, right?

Mar 5, 2025 5:34 PM

Tags: access, ai, antivirus, api, attack, chatgpt, cloud, control, crowdstrike, cybersecurity, defense, detection, edr, encryption, github, infection, injection, korea, LLM, malicious, malware, mandiant, ml, monitoring, network, north-korea, openai, phishing, powershell, service, social-engineering, threat, tool

We’re losing”Š”, “Šbut it can’t get any worse, right? LLMs are being used in many ways by attackers; how blind are you? We’re spending hundreds of billions and losing trillions in cybersecurity. The industry structure is partially to blame. AI is here to help, right? Well, as others have pointed out, AI is being adopted more rapidly…
Getting the Most Value Out of the OSCP: The PEN-200 Course

Mar 4, 2025 6:34 PM

Tags: access, antivirus, attack, awareness, backdoor, cloud, compliance, conference, control, credentials, cve, cybersecurity, data, defense, detection, dos, edr, endpoint, exploit, github, gitlab, guide, hacker, hacking, jobs, kali, linkedin, linux, login, malicious, malware, mandiant, microsoft, network, ntlm, open-source, password, penetration-testing, powershell, programming, rce, remote-code-execution, risk, service, skills, software, tactics, theft, threat, tool, unauthorized, update, vmware, vulnerability, windows

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
CISOs should address identity management ‘as fast as they can’ says CrowdStrike exec

Mar 4, 2025 12:34 AM

Tags: access, ai, attack, authentication, business, china, ciso, crowdstrike, cvss, cyberattack, disinformation, email, exploit, finance, government, identity, iran, jobs, malicious, malware, mfa, microsoft, network, north-korea, password, phishing, phone, powershell, russia, service, social-engineering, spam, switch, tactics, threat, tool, update, vulnerability

Breakout time, how long it takes for an adversary to start moving laterally across at IT network, reached an all-time low last year. The average fell to 48 minutes, while the fastest breakout time dropped to a mere 51 seconds;Voice phishing (vishing) attacks, where adversaries call victims to amplify their activities with persuasive social engineering…
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint

Mar 3, 2025 7:34 PM

Tags: access, attack, exploit, framework, malicious, microsoft, phishing, powershell

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attack-deploys-havoc-c2-via-microsoft-sharepoint/
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

Mar 3, 2025 3:34 PM

Tags: api, communications, control, cybersecurity, framework, hacker, malware, microsoft, open-source, phishing, powershell, threat

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc.”The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted,…
Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware

Mar 3, 2025 12:34 PM

Tags: antivirus, attack, cyber, cybersecurity, hacker, incident response, malware, microsoft, powershell

Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell and legitimate Microsoft applications to deploy malware without leaving significant traces on compromised systems. These sophisticated attacks, which have been around for over two decades, are proving particularly effective in bypassing traditional antivirus solutions and complicating incident response efforts. PowerShell…
New Undetectable Batch Script Uses PowerShell and Visual Basic to Install XWorm

Feb 26, 2025 9:23 AM

Tags: access, attack, cyber, detection, framework, malware, powershell, tool

A novel malware delivery framework employing advanced obfuscation techniques has evaded detection by security tools for over 48 hours. The attack chain centers around a Batch script that leverages PowerShell and Visual Basic Script (VBS) to deploy either the XWorm remote access trojan or AsyncRAT, marking a significant evolution in fileless attack methodologies, according to…
DeepSeek Lure Using CAPTCHAs To Spread Malware

Feb 25, 2025 7:23 PM

Tags: ai, attack, botnet, breach, captcha, cloud, control, credentials, crypto, cybercrime, data, detection, exploit, infrastructure, injection, international, login, malicious, malware, network, open-source, powershell, privacy, scam, service, technology, theft, threat, tool, windows

IntroductionThe rapid rise of generative AI tools has created opportunities and challenges for cybercriminals. In an instant, industries are being reshaped while new attack surfaces are being exposed. DeepSeek AI chatbot that launched on January 20, 2025, quickly gained international attention, making it a prime target for abuse. Leveraging a tactic known as brand impersonation,…
Russian cyberespionage groups target Signal users with fake group invites

Feb 19, 2025 7:46 PM

Tags: access, android, api, attack, communications, computer, cyber, cyberespionage, data, espionage, google, group, intelligence, linux, macOS, malicious, malware, military, mobile, password, phishing, phone, powershell, qr, russia, service, spyware, tactics, threat, ukraine, update, windows

QR codes provide a means of phishing Signal users: These features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
North Korean Hackers Leverage Dropbox and PowerShell Scripts to Breach Organizations

Feb 19, 2025 5:46 PM

Tags: breach, crypto, cyber, cyberattack, exploit, government, group, hacker, malware, north-korea, powershell, threat

A recent cyberattack campaign, dubbed >>DEEP#DRIVE,
North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea

Feb 19, 2025 4:46 PM

Tags: attack, detection, infrastructure, korea, north-korea, powershell

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreans-kimsuky-attacks-rivals-trusted-platforms
Russian malware discovered with Telegram hacks for C2 operations

Feb 18, 2025 1:46 PM

Tags: access, backdoor, github, malware, powershell, russia, threat, unauthorized

Commands for code execution and persistence: The researchers said the backdoor currently accepts four C2 commands in total, which are sent to the Telegram channel via the Send package function, out of which one is yet to be implemented.The most critical is the “/cmd” command for executing PowerShell codes, which can allow unauthorized access to…
Ongoing Kimsuky Attack Campaign Exploits PowerShell, Dropbox

Feb 15, 2025 5:14 AM

Tags: attack, exploit, powershell

First seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-kimsuky-attack-campaign-exploits-powershell-dropbox
PowerShell Exploited in New Kimsuky Intrusions

Feb 13, 2025 9:50 PM

Tags: exploit, powershell

First seen on scworld.com Jump to article: www.scworld.com/brief/powershell-exploited-in-new-kimsuky-intrusions
New Kimsuky Intrusions Exploiting PowerShell

Feb 13, 2025 9:50 PM

Tags: exploit, powershell

First seen on scworld.com Jump to article: www.scworld.com/brief/new-kimsuky-intrusions-exploiting-powershell
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks

Feb 13, 2025 4:48 PM

Tags: attack, business, crypto, cyberattack, government, group, hacking, korea, north-korea, powershell, threat

A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors.The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail,…
DPRK hackers dupe targets into typing PowerShell commands as admin

Feb 12, 2025 8:55 PM

Tags: hacker, north-korea, powershell

North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dprk-hackers-dupe-targets-into-typing-powershell-commands-as-admin/
North Korea-linked APT Emerald Sleet is using a new tactic

Feb 12, 2025 2:55 PM

Tags: apt, intelligence, korea, microsoft, north-korea, powershell, threat

Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided…
Hackers Manipulate Users Into Running PowerShell as Admin to Exploit Windows

Feb 12, 2025 12:55 PM

Tags: cyber, cyberattack, data-breach, exploit, group, hacker, hacking, intelligence, microsoft, north-korea, powershell, social-engineering, tactics, threat, windows

Microsoft Threat Intelligence has exposed a novel cyberattack method employed by the North Korean state-sponsored hacking group, Emerald Sleet (also known as Kimsuky or VELVET CHOLLIMA). The group is exploiting social engineering tactics to deceive individuals into running PowerShell commands with administrative privileges, allowing them to infiltrate systems and pilfer critical information. Emerald Sleet’s new…
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

Feb 12, 2025 12:55 PM

Tags: cyberattack, exploit, government, hacker, korea, malicious, north-korea, powershell, threat

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.”To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds…
New Microsoft script updates Windows media with bootkit malware fixes

Feb 6, 2025 5:05 AM

Tags: malware, microsoft, powershell, update, windows

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new “Windows UEFI CA 2023” certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-script-updates-windows-media-with-bootkit-malware-fixes/
Microsoft script updates bootable media for BlackLotus bootkit fixes

Feb 6, 2025 1:05 AM

Tags: microsoft, powershell, update, windows

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new “Windows UEFI CA 2023” certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-script-updates-bootable-media-for-blacklotus-bootkit-fixes/
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

Feb 5, 2025 3:12 PM

Tags: attack, banking, cyber, cyberattack, government, group, powershell, threat

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.”This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report…
Windows 10/11 KB5053484: Neues PS-Script für Zertifikate in Boot-Medien

Feb 5, 2025 8:12 AM

Tags: microsoft, powershell, windows

Microsoft hat gerade ein neues PowerShell-Script für Windows 10 und Windows 11 veröffentlicht, welches die Boot-Medien aktualisiert. Dadurch soll sichergestellt werden, dass das Windows UEFI CA 2023 Zertifikat in naher Zukunft akzeptiert wird. Das Ganze steht im Kontext zur Black … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/05/windows-10-11-kb5053484-neues-ps-script-fuer-zertifikate-in-boot-medien/