
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country’s civilian and military intelligence agencies.

“ShadowPad is decrypted in memory using a custom decryption algorithm,” researchers from Secureworks said in a report shared with The Hacker News. “ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.”

ShadowPad is a modular malware platform with noticeable code overlaps with the PlugX malware. It was used in the high-profile supply-chain attacks against NetSarang, CCleaner, and ASUS, and the attention those incidents drew led its operators to shift tactics and update their defensive measures.

While the initial campaigns that delivered ShadowPad were attributed to a threat cluster tracked as Bronze Atlas (aka Barium), Chinese nationals working for a network security company named Chengdu 404, the backdoor has been used by multiple Chinese threat groups since 2019.

In a detailed overview of the malware in August 2021, cybersecurity company SentinelOne dubbed ShadowPad a “masterpiece of privately sold malware in Chinese espionage.” A subsequent analysis by PwC in December 2021 disclosed a bespoke packing mechanism – named ScatterBee – that’s used to obfuscate malicious 32-bit and 64-bit payloads for ShadowPad binaries.

The malware payloads are typically deployed to a host either encrypted within a DLL loader or embedded in a separate file alongside a DLL loader; the loader then decrypts and executes the ShadowPad payload in memory using a custom decryption algorithm tailored to the malware version.

These DLL loaders run after being sideloaded by a legitimate executable that is vulnerable to DLL search order hijacking: the executable asks for a required DLL by name, Windows searches a fixed sequence of directories for it, and an attacker-controlled DLL placed earlier in that sequence (typically next to the executable) is loaded in place of the intended one.
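To make the hijack mechanism concrete, the following Python script models the default Windows DLL search order (SafeDllSearchMode enabled) and runs a simple heuristic over a directory listing to flag the layout of a sideloading chain: a legitimate executable beside a DLL whose name shadows a System32 DLL, plus a third, non-PE file that could hold an encrypted payload. This is an added example written for this page; it is not Secureworks' or SentinelOne's code. The KnownDLLs subset, the System32 subset and the two directory listings are constructed for illustration and do not describe any real Windows build or incident.

```python
"""Why a DLL dropped beside a legitimate executable gets loaded: a model of the
default Windows DLL search order (SafeDllSearchMode enabled) plus a heuristic
that flags directories laid out like a ShadowPad sideloading chain.

Added example for this page; not Secureworks' or SentinelOne's code. The file
listings, the KnownDLLs subset and the System32 subset are constructed.
"""
from pathlib import PureWindowsPath

SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")

# Assumption: a small subset of the KnownDLLs list, which Windows reads from
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs. These are
# mapped from the \KnownDlls object directory and are never searched for on disk.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "ole32.dll"}

# Assumption: a subset of DLL names that ship in System32.
SYSTEM32_DLLS = KNOWN_DLLS | {"version.dll", "dwmapi.dll", "wtsapi32.dll", "cryptsp.dll"}


def resolve_dll(name, app_dir, app_dir_files,
                system32_dlls=SYSTEM32_DLLS, known_dlls=KNOWN_DLLS):
    """Return the path the loader picks for `name` when an EXE in `app_dir`
    imports it by bare name (no full path, no manifest redirection).

    Order modelled (SafeDllSearchMode on):
      1. KnownDLLs: resolved from System32, disk is not consulted
      2. the application's own directory
      3. System32
    Later steps (16-bit system directory, Windows directory, current directory,
    PATH) are omitted; they only matter when steps 1-3 all miss.
    """
    name = name.lower()
    if name in known_dlls:
        return SYSTEM32 / name
    if name in {f.lower() for f in app_dir_files}:
        return PureWindowsPath(app_dir) / name      # application directory wins
    if name in system32_dlls:
        return SYSTEM32 / name
    return None


def sideload_candidates(app_dir_files,
                        system32_dlls=SYSTEM32_DLLS, known_dlls=KNOWN_DLLS):
    """Heuristic over one directory listing: flag a DLL that shares its name
    with a System32 DLL but is not a KnownDLL (so step 2 above beats step 3)
    sitting next to an .exe. Files that are neither .exe nor .dll are reported
    as candidates for the separate encrypted payload file seen in some chains."""
    files = sorted(f.lower() for f in app_dir_files)
    exes = [f for f in files if f.endswith(".exe")]
    hijackable = [f for f in files
                  if f.endswith(".dll") and f in system32_dlls and f not in known_dlls]
    if not exes or not hijackable:
        return None
    return {
        "executables": exes,
        "hijacked_dlls": hijackable,
        "possible_payload_files": [f for f in files if not f.endswith((".exe", ".dll"))],
    }


# Constructed listings (not from any real incident).
CLEAN_DIR = ["updater.exe", "kernel32.dll", "readme.txt"]    # KnownDLL name: not hijackable this way
SUSPECT_DIR = ["updater.exe", "version.dll", "config.dat"]   # same-name System32 DLL beside an EXE


def demo():
    """Return the resolutions and scan results for the two constructed listings."""
    return {
        "kernel32_in_clean": resolve_dll("kernel32.dll", r"C:\Tools", CLEAN_DIR),
        "version_in_suspect": resolve_dll("version.dll", r"C:\Tools", SUSPECT_DIR),
        "version_in_clean": resolve_dll("version.dll", r"C:\Tools", CLEAN_DIR),
        "clean_scan": sideload_candidates(CLEAN_DIR),
        "suspect_scan": sideload_candidates(SUSPECT_DIR),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical takeaway is the asymmetry in step 1 versus step 2: a file named kernel32.dll beside an executable is ignored, while a file named version.dll in the same place silently replaces the genuine one, which is why loaders are given the names of non-KnownDLL system libraries. For real hunting, replace the constructed listings with the import table of the executable (for example via a PE parser) and the actual System32 contents of the host.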

Select infection chains observed by Secureworks also involve a third file that contains the encrypted ShadowPad payload, which work by executing the legitimate binary (e.g.,…

Cyber Security Means Not Clicking On That Link

COVID changed the way we use the internet. Whether for streaming TV, buying groceries, or video calling, many people created new online accounts during the pandemic. As we spend more of our lives online, keeping that information safe has become increasingly important.

October is Cybersecurity Awareness Month, and experts are urging consumers to protect their accounts. That includes being mindful at work, where ransomware attacks on companies often start with an employee clicking on a link they shouldn't have.

To find out what we all need to know, Eric Douglas spoke with Bill Gardner, a white-hat hacker and cybersecurity professor at Marshall University. He says there is tremendous demand for people trained in the field.

Douglas: October is Cyber Security month. Where did that come from?

[Photo caption: Cybersecurity professor and white-hat hacker, Bill Gardner.]

Gardner: That was originally floated by the federal government because we need to do better with cybersecurity. Every breach we have is the worst one in history. Right? There are things users can do to protect themselves, and that's the whole thrust behind it.

Douglas: Let’s talk about the ever-escalating breaches for a minute. What’s going on for the average Joe? What should I know about my personal cybersecurity?

Gardner: From the top-down approach, agencies who work on this problem need to share data. And they’re not always doing it. We need to keep an eye on threat intelligence, who the bad actors are, so we can do a better job defending against them. As a person, it’s the same old adage. It really hasn’t changed a lot. Be suspicious of email when you don’t know where it’s coming from. If it sounds too good to be true, it probably is. If you get a text message from AT&T, go to the AT&T website or through the AT&T app to see if it’s legitimate or not.

If you’re expecting a package from Amazon, or through FedEx, don’t just click on links that are sent to you saying it’s been delayed. All those things are the things that hook you. We call it phishing. It hooks you into clicking on an attachment or going to a web page that’s compromised. If you look at breaches, probably 97…

UIDAI Reveals Direct Link To Lock Aadhaar Biometrics To Prevent Misuse: Check Steps Here