Established in 2006 as a Community of Reality

Welcome to the Neno's Place!

Neno's Place Established in 2006 as a Community of Reality


Neno

I can be reached by phone or text 8am-7pm cst 972-768-9772 or, once joining the board I can be reached by a (PM) Private Message.

Join the forum, it's quick and easy

Established in 2006 as a Community of Reality

Welcome to the Neno's Place!

Neno's Place Established in 2006 as a Community of Reality


Neno

I can be reached by phone or text 8am-7pm cst 972-768-9772 or, once joining the board I can be reached by a (PM) Private Message.

Established in 2006 as a Community of Reality

Would you like to react to this message? Create an account in a few clicks or log in to continue.
Established in 2006 as a Community of Reality

Many Topics Including The Oldest Dinar Community. Copyright © 2006-2020


    An internet gang targets legal and financial institutions and travel agencies with new malware

    Rocky
    Rocky
    Admin Assist
    Admin Assist


    Posts : 281148
    Join date : 2012-12-21

    An internet gang targets legal and financial institutions and travel agencies with new malware Empty An internet gang targets legal and financial institutions and travel agencies with new malware

    Post by Rocky Tue 10 Jan 2023, 5:27 am

    [size=45]An internet gang targets legal and financial institutions and travel agencies with new malware
    two hours ago[/size]

    [You must be registered and logged in to see this image.]

    Kaspersky experts were able to identify a version with new functionality of the Janicab malware, which is used by the DeathStalker gang, which specializes in advanced persistent threats, to infiltrate specific organizations in several sectors. The new version was spotted in regions of Europe and the Middle East, and it was found to be exploiting some official web services, such as YouTube, as part of the infection chain.
    Janicab infection can lead, for example, to targeted logistical and legal challenges, improving the standing of competitors, and unannounced audits that may reveal biases and abuses in the use of intellectual property, making its damages different from the traditional damages resulting from attacks such as digital extortion or ransom.
    Janicab can be considered modular malware written in an interpreted language, which means that the attacker is able to add functionality or include files, or remove them, with little effort. And it was clear from Kaspersky's remote readings that the latest Janicab versions have witnessed significant changes in their structural structure, with archive copies containing many files written in Python, and other pieces used later in the hacking process. This is despite the fact that the delivery mechanism is still based on phishing. Once the victim is deceived and the malicious file is opened, a series of malicious files are sequentially downloaded onto the system.
    One of the defining features of DeathStalker is its use of DDR services, or web services, to host an encrypted string that is later decrypted by a malware implant. According to a new report, Kaspersky was able to identify the use of old YouTube links that were present in intrusions that took place in 2021. The gang was able to operate undercover and repeatedly use its command-and-control architecture, given the difficulty of finding unlisted web links.

    • Unlisted YouTube DDR sample used in recent hacks


    The affected enterprises that fell within DeathStalker's traditional domain included primarily legal, financial and investment firms. But Kaspersky also recorded activity targeting travel agencies. Europe and the Middle East were considered ideal areas of operation for the gang, but to varying degrees between the countries of the two regions.
    Dr. Amin Hasebini, Head of the Research Center for the Middle East, Turkey and Africa in the global research and analysis team at Kaspersky, said that it can be safely assumed that the main objectives of the DeathStalker gang are to steal confidential information related to legal disputes related to VIPs and large financial assets, as well as commercial information that affects competitiveness, and information about mergers and acquisitions; This is given that legal and financial institutions are “a common target for this gang.” He added, "Organizations operating in these sectors must prepare for such breaches and update their threat models to ensure that data remains secure."
    Affected organizations should rely on application whitelisting and operating system hardening as effective methods to prevent intrusive attempts. This is because the gang continues to use interpreted language-based malware such as Python, VBE, and VBS in recent hacking attempts. Security agencies should also look for Internet Explorer browser actions that operate without a user interface, since Janicab uses the browser in stealth mode to communicate with the command-and-control infrastructure.

    [You must be registered and logged in to see this link.]

      Current date/time is Sat 23 Nov 2024, 5:53 am