Home
[size=45]An internet gang targets legal and financial institutions and travel agencies with new malware
two hours ago[/size]
Kaspersky experts were able to identify a version with new functionality of the Janicab malware, which is used by the DeathStalker gang, which specializes in advanced persistent threats, to infiltrate specific organizations in several sectors. The new version was spotted in regions of Europe and the Middle East, and it was found to be exploiting some official web services, such as YouTube, as part of the infection chain.
Janicab infection can lead, for example, to targeted logistical and legal challenges, improving the standing of competitors, and unannounced audits that may reveal biases and abuses in the use of intellectual property, making its damages different from the traditional damages resulting from attacks such as digital extortion or ransom.
Janicab can be considered modular malware written in an interpreted language, which means that the attacker is able to add functionality or include files, or remove them, with little effort. And it was clear from Kaspersky's remote readings that the latest Janicab versions have witnessed significant changes in their structural structure, with archive copies containing many files written in Python, and other pieces used later in the hacking process. This is despite the fact that the delivery mechanism is still based on phishing. Once the victim is deceived and the malicious file is opened, a series of malicious files are sequentially downloaded onto the system.
One of the defining features of DeathStalker is its use of DDR services, or web services, to host an encrypted string that is later decrypted by a malware implant. According to a new report, Kaspersky was able to identify the use of old YouTube links that were present in intrusions that took place in 2021. The gang was able to operate undercover and repeatedly use its command-and-control architecture, given the difficulty of finding unlisted web links.
The affected enterprises that fell within DeathStalker's traditional domain included primarily legal, financial and investment firms. But Kaspersky also recorded activity targeting travel agencies. Europe and the Middle East were considered ideal areas of operation for the gang, but to varying degrees between the countries of the two regions.
Dr. Amin Hasebini, Head of the Research Center for the Middle East, Turkey and Africa in the global research and analysis team at Kaspersky, said that it can be safely assumed that the main objectives of the DeathStalker gang are to steal confidential information related to legal disputes related to VIPs and large financial assets, as well as commercial information that affects competitiveness, and information about mergers and acquisitions; This is given that legal and financial institutions are “a common target for this gang.” He added, "Organizations operating in these sectors must prepare for such breaches and update their threat models to ensure that data remains secure."
Affected organizations should rely on application whitelisting and operating system hardening as effective methods to prevent intrusive attempts. This is because the gang continues to use interpreted language-based malware such as Python, VBE, and VBS in recent hacking attempts. Security agencies should also look for Internet Explorer browser actions that operate without a user interface, since Janicab uses the browser in stealth mode to communicate with the command-and-control infrastructure.
[You must be registered and logged in to see this link.]
two hours ago[/size]
[You must be registered and logged in to see this image.]
Kaspersky experts were able to identify a version with new functionality of the Janicab malware, which is used by the DeathStalker gang, which specializes in advanced persistent threats, to infiltrate specific organizations in several sectors. The new version was spotted in regions of Europe and the Middle East, and it was found to be exploiting some official web services, such as YouTube, as part of the infection chain.
Janicab infection can lead, for example, to targeted logistical and legal challenges, improving the standing of competitors, and unannounced audits that may reveal biases and abuses in the use of intellectual property, making its damages different from the traditional damages resulting from attacks such as digital extortion or ransom.
Janicab can be considered modular malware written in an interpreted language, which means that the attacker is able to add functionality or include files, or remove them, with little effort. And it was clear from Kaspersky's remote readings that the latest Janicab versions have witnessed significant changes in their structural structure, with archive copies containing many files written in Python, and other pieces used later in the hacking process. This is despite the fact that the delivery mechanism is still based on phishing. Once the victim is deceived and the malicious file is opened, a series of malicious files are sequentially downloaded onto the system.
One of the defining features of DeathStalker is its use of DDR services, or web services, to host an encrypted string that is later decrypted by a malware implant. According to a new report, Kaspersky was able to identify the use of old YouTube links that were present in intrusions that took place in 2021. The gang was able to operate undercover and repeatedly use its command-and-control architecture, given the difficulty of finding unlisted web links.
- Unlisted YouTube DDR sample used in recent hacks
The affected enterprises that fell within DeathStalker's traditional domain included primarily legal, financial and investment firms. But Kaspersky also recorded activity targeting travel agencies. Europe and the Middle East were considered ideal areas of operation for the gang, but to varying degrees between the countries of the two regions.
Dr. Amin Hasebini, Head of the Research Center for the Middle East, Turkey and Africa in the global research and analysis team at Kaspersky, said that it can be safely assumed that the main objectives of the DeathStalker gang are to steal confidential information related to legal disputes related to VIPs and large financial assets, as well as commercial information that affects competitiveness, and information about mergers and acquisitions; This is given that legal and financial institutions are “a common target for this gang.” He added, "Organizations operating in these sectors must prepare for such breaches and update their threat models to ensure that data remains secure."
Affected organizations should rely on application whitelisting and operating system hardening as effective methods to prevent intrusive attempts. This is because the gang continues to use interpreted language-based malware such as Python, VBE, and VBS in recent hacking attempts. Security agencies should also look for Internet Explorer browser actions that operate without a user interface, since Janicab uses the browser in stealth mode to communicate with the command-and-control infrastructure.
[You must be registered and logged in to see this link.]
» MM&C 7/4/24 Tabaqchali: An Unfolding Structural Economic Transformation in Iraq
» utube 7/4/24 MM&C IQD Updates - Iraqi Dinar - Relations w / Baghdad & Kurdistan - Good - Financial
» utube 7/2/24 MM&C IQD Update Part 2 - Iraqi Dinar - Automation for Revenues - Singapore Agreement
» utube 7/2/24 MM&C part 1 Iraqi DinarPart 1 - IQD Update - Progession of Intergr
» MM&C 7/2/24 The dollar in the parallel market.. Al-Sudani’s advisor presents a different vision and
» Al-Sudani: Iraq's growth rate is the highest in the region and we have made significant progress in
» What terrified Barzani and prompted him to visit Baghdad?
» Barzani to ambassadors of 8 countries: Taking into consideration the interest of Iraq and the region
» Trade participates in the preparatory meeting of the Iraqi-Jordanian Committee
» The most prominent of which is the decision of the Central Bank.. Three reasons behind the rise of t
» Baghdad buildings.. apartments rising quickly and prices soaring even higher
» Al-Sudani stresses the importance of the public sector's role in implementing government priorities
» Today.. Central Bank sales record more than 280 million dollars
» Parliamentary movement to cancel decisions of the dissolved Revolutionary Command Council
» Sudanese advisor reveals the reason for the rise in the dollar price
» The Slums Law is in the Government’s Halls and Parliament is Waiting for Its Arrival.. MP Speaks to
» Oil confirms achieving advanced rates in gas investment
» Economist: Increased demand for electricity prompts us to look for “urgent solutions” to generate po
» When will you leave the country? ... Iraq demands and America procrastinates
» Demand for Al-Sudani to reveal the results of the investigations into the assassination of Al-Nasr l
» Parliamentary Committee: The Ministry of Education’s budget is small and does not live up to the lev
» Iraq announces drilling and reclaiming 105 oil wells during the first half of the year
» For the fourth day.. Dollar prices continue to rise in Baghdad and Erbil
» In the presence of Massoud Barzani .. Sunni forces hold a "decisive" meeting to resolve the crisis o
» "Short-term".. Al-Sudani's advisor explains the reasons for the continued rise in the exchange rate
» During 2024.. Petroleum Products Counts Gas Fuel Consumption Quantities for Cars
» Iran, Turkmenistan officially sign gas swap agreement to supply to Iraq
» Parliamentary Committee Identifies a “Fundamental Problem” Facing the Oil and Gas Law.. How Can It B
» "We have not chosen the company to implement the project yet." Baghdad Municipality reveals the late
» Iraq is the third country in which Türkiye has implemented the most projects in half a century
» Iraq decides to introduce artificial intelligence in this field
» Plan to convert oil refineries to environmentally friendly
» Baghdad Airport Expansion to 9 Million Passengers Annually
» Basra pursues land contract fraud
» Government policy to control the state's public finances
» Advisor: Iraq aspires to lead the Fourth Industrial Revolution
» Baghdad Council threatens to confiscate illegal generators
» Iraqi Creatives Museums and Cultural Centers
» Oil: Gas investment reached 62%
» Barzani in Baghdad
» World Bank: Iraq is among the middle-income countries
» Experts praise agricultural policies and call for supporting farmers
» The Ministry of Interior issues ID cards to owners of "positive content"
» Minister of Labor: Anbar's share of police contracts is 2,377 beneficiaries
» The Minister of Labor holds social researchers morally responsible and assigns them two basic tasks
» Kurdistan Finance announces the start of distributing salaries for these categories next Sunday
» Judge Zidane visits the Supreme and Constitutional Courts of Azerbaijan
» Coordination Framework: The coming days will witness the "birth" of the Diyala local government
» An economist explains the reasons for the dollar’s rise and sets a condition for its decline - Urg
» Investment Authority announces the processing of 249 stalled projects
» Final statement of the meeting of the General Secretariat of the Union, June 29-30, 2024.. Baghdad S
» Chief Justice describes President Barzani’s visit to Baghdad as “important and historic”
» Masrour Barzani welcomes the Federal Court’s decision: It will strengthen confidence in the relation
» Kurdistan Council of Ministers discusses equalizing the salaries of retirees in the region with thei
» President Barzani after meeting with Al-Sudani: We had a constructive dialogue and will continue coo
» Al-Sudani's financial advisor reveals the reason for the continued rise of the dollar and confirms:
» Barzani reveals the goals of his visit to Baghdad: There is an intention to resolve the differences
» The Turkish army penetrates into Iraqi territory with Baghdad's approval!
» The Regional Council of Ministers discusses unifying the salaries of its retirees with the center
» Two countries sign a contract on gas supplied to Iraq
» Communications: Cable contracts will improve internet service in Iraq
» Interior Ministry reveals two “strategies” regarding social media
» Will social security guarantee the rights of workers and earners? An economist answers
» Al-Sudani receives a group of sheikhs and dignitaries of the Zubaa tribe in Baghdad
» Discussing the file of the international coalition and the presidency of parliament.. Details of the
» Experts: Coordination between the center and the region is necessary to find a solution to the Turki
» Problems still exist.. Government expects camps to close a month after the scheduled date
» The dollar soars in Baghdad markets, exceeding the 149 barrier
» Iraqi graduation research included in international databases
» Compliance or arrest.. Baghdad Council issues final warning to private generator owners
» With water scarcity, desertification is growing in Iraq!
» With the increasing demand for it.. Petroleum Products opens 3 new outlets for LPG
» Generator owners in Baghdad violate government decisions and raise prices!
» Barzani and Mandalawi discuss the issue of electing the Speaker of Parliament
» Despite the rise in the dollar, Saleh: The parallel market today is not important
» Securities Commission: The government has successfully completed the sale of financial bonds
» Ankara: We are working with Iraq to develop a plan to deal with the water file and eliminate all cha
» Minister of Communications: Cable contracts will improve internet service in Iraq
» Iraq reinforces its borders with Syria with 13 additional military regiments
» Kurdistan responds to a letter from the Federal Court about localizing its employees’ salaries
» Parliamentary Finance: The remaining months are not enough to disburse budget funds
» Investment Authority announces the processing of 249 stalled projects
» Today.. The Central Bank sells only about 15 million dollars domestically
» Rafidain Bank announces completion of 3288 loan transactions for projects and real estate during the
» Israel fabricates justifications for attacks on Iraq
» Tribal Conflicts: When Laws Are Silent and Guns Speak
» Obelisk Hour: Will the Kurdistan Region Turn into “Southern Türkiye” Instead of “Northern Iraq”?
» Al-Sudani to Barzani: We have made significant progress in building trust between the central and re
» National Security at Stake: $670 Million Defense Contract with Corrupt Thales
» Barzani discusses in Baghdad common files with the State Administration Alliance
» Al-Halbousi's ambition to be the "Barzani of Anbar" clashes with the rejection of the people of his
» More than $260 million in foreign transfers to the Central Bank of Iraq in today's auction
» Al-Sudani's advisor explains: Has the government adopted a new approach to activate the private sect
» Al-Sudani: We have overcome the inherited problems with the Kurdistan Region
» Parliamentary Culture confirms its determination to legislate the Right to Access Information Law in
» The President of the Supreme Judicial Council receives the President of the Bar Association to discu
» Parliamentary confirmation to encourage Finnish companies to work in Iraq
» Ministry of Planning: A government delegation is holding negotiations in Berlin with the German side