The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks. This new variant targets European countries and employs sophisticated obfuscation techniques, including the…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus
The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release. The group’s recent…
Researchers Backdoored Azure Automation Account Packages And Runtime Environments
Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new…
TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data
The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…
Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce
North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue for their regime, evading sanctions and funding WMD programs by exploiting privileged access to enable cyber intrusions. Facilitators, often non-North Koreans, assist these workers by laundering…
Beware Of Fake Verify You Are A Human Request That Delivers Malware
Researchers observed two distinct instances where users were inadvertently led to malicious websites after conducting Google searches for video streaming services. These victims were redirected to malicious URLs that employed a deceptive tactic while attempting to access sports or movie…
New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers
Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence. The research examines the data…
TeamTNT Hackers Attacking VPS Servers Running CentOS
TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies system files to kill existing miners, remove Docker containers, and redirect DNS to Google servers. The…
Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks
C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromised systems, enable efficient collaboration, and evade detection by providing customizable behaviors. It is a toolset attackers use to control and manage compromised…
Microsoft Warns Of Vanilla Tempest Hackers Attacking Healthcare Sector
Microsoft has identified a new attack vector employed by the financially motivated threat actor Vanilla Tempest. This actor has been observed leveraging the INC ransomware to target healthcare organizations within the United States. Specifically, Vanilla Tempest is exploiting vulnerabilities in…