MooBot Botnet Attacks D-Link Routers

Experts have discovered that the MooBot botnet, built on the Mirai IoT malware, attacks vulnerable D-Link routers using a combination of old and new exploits against them. Let me remind you that we also talked about ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers, and also that Information security specialists disclosed details of five… Continue reading MooBot Botnet Attacks D-Link Routers

ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers

Lumen Black Lotus Labs has discovered a new Remote Access Trojan (RAT) called ZuoRAT, attacking remote workers’ routers in North America and Europe since 2020. The malware appeared in the first months of the COVID-19 pandemic but remained unnoticed for more than two years. The researchers write that the complexity of this targeted campaign, as… Continue reading ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers

The US Department of Justice Reports a Russian Botnet Dismantled

RSOCKS Russian Botnet Is No More as a Result of a Joint Operation According to the June 16 report by the US Department of Justice, the activity of a Russian botnet RSOCKS has been stopped in a joint operation by the US, German, Dutch, and British law enforcement agencies. RSOCKS is responsible for hacking millions… Continue reading The US Department of Justice Reports a Russian Botnet Dismantled

20 Dangerous Types of Cybersecurity Threats 2022

The cybersecurity threats in 2022 are more considerable than ever. Due to the emergence of efficient ransomware, coin miners, spyware, and so on, hacking has become a consistently profitable business. Knowing about cybersecurity threats is crucial because it livens up the safety measures. In addition, when you’re aware of what is up against you on… Continue reading 20 Dangerous Types of Cybersecurity Threats 2022

Shuckworm hackers attack Ukrainian organizations with new variant of Pteredo backdoor

Specialists from the cybersecurity company Symantec reported attacks by the cybercriminal group Shuckworm (Armageddon or Gamaredon) on Ukrainian organizations using a new version of the Pteredo (Pteranodon) custom backdoor. The group, linked by experts to Russia, has been carrying out cyber-espionage operations against Ukrainian government organizations since at least 2014. According to experts, the group… Continue reading Shuckworm hackers attack Ukrainian organizations with new variant of Pteredo backdoor

Emotet now installs Cobalt Strike beacons

The researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, providing immediate access to the network for attackers. Those can use it for lateral movement, which will greatly facilitate extortion attacks. Let me remind you that usually Emotet installs TrickBot or Qbot malware on the victim’s machines, and that one already… Continue reading Emotet now installs Cobalt Strike beacons

Google Stops Glupteba Botnet and Sues Two Russians

Google representatives said that they stopped the work of the Glupteba botnet: they deleted the accounts, and also disabled the servers and domains associated with it. In addition, the company has filed a lawsuit against the Russians Dmitry Starovikov and Alexander Filippov, which are accused of creating and operating a botnet. According to an expert… Continue reading Google Stops Glupteba Botnet and Sues Two Russians

Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

The developers of the DirtyMoe botnet (which was assessed as insignificant) added to it a worm-like spreading module, after which the malware infected more than 100,000 Windows systems. The DirtyMoe botnet which allegedly runs from China, has grown exponentially over the past year. If in 2020 it consisted of 10 thousand infected systems, then in… Continue reading Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet from the same-named group has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on incorrectly configured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known… Continue reading TeamTNT mining botnet infected over 50,000 systems in three months

Prometei botnet attacks vulnerable Microsoft Exchange servers

Since the patches for ProxyLogon problems were still not installed, cybercriminals continue their activity, for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail… Continue reading Prometei botnet attacks vulnerable Microsoft Exchange servers