Tag Archive for: potent

Researchers warn of two new variants of potent IcedID malware loader


Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped.

“It is likely a cluster of threat actors is using modified variants to pivot the malware away from typical banking Trojan and banking fraud activity to focus on payload delivery, which likely includes prioritizing ransomware delivery,” researchers from Proofpoint said in a new report. “Additionally, based on artifacts observed in the codebase, timing, and association with Emotet infections, Proofpoint researchers suspect the initial developers of Emotet have partnered with IcedID operators to expand their activities including using the new Lite variant of IcedID that has different, unique functionality and likely testing it via existing Emotet infections.”

IcedID is favored by initial access brokers

IcedID first appeared in 2017 and was originally a Trojan designed to steal online banking credentials by injecting rogue content into local browsing sessions, an attack known as webinject. From 2017 until last year, the Trojan’s codebase remained largely unchanged. However, in recent years some attacker groups started using it more for its ability to serve as a loader for additional malware payloads than for its bank fraud capabilities.

During 2022 and 2023, Proofpoint has seen hundreds of attack campaigns using the IcedID Trojan and managed to link them to five distinct threat actors, most of which operate as initial access brokers, meaning they sell access into corporate networks to other cybercriminals, usually ransomware gangs.

A group that Proofpoint tracks as TA578 has been using IcedID since June 2020. Its email-based malware distribution campaigns typically use lures such as “stolen images” or “copyright violations”. The group uses what Proofpoint considers to be the standard variant of IcedID, but has also been seen delivering Bumblebee, another malware loader favored by initial access brokers.

Another group that uses the…


Ukraine says potent Russian hack against power grid thwarted – FOX23 News


BOSTON — (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said, that was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from U.S. Cyber Command, which declined comment.

The Computer Emergency Response Team of Ukraine thanked Microsoft…


Ukraine Says Potent Russian Hack Against Power Grid Thwarted – NBC 5 Dallas-Fort Worth


Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said, that was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Ukraine’s eastern city of Kharkiv came under heavy shelling on Monday, causing multiple casualties and severe damage.

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers….
