Tag Archive for: Providers

China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers


A Chinese cyber-espionage actor likely connected with the “Operation Soft Cell” campaign has been targeting Middle East telecom providers since the beginning of 2023.

The new series of attacks is part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.

“The initial attack phase involves infiltrating internet-facing Microsoft Exchange servers to deploy web shells used for command execution,” wrote SentinelOne senior threat researcher Aleksandar Milenkoski in an advisory published earlier today. “Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement and data exfiltration activities.”

Milenkoski highlighted that the deployment of custom credential theft malware is the main novelty of the new campaign, which relies on malware incorporating modifications to the code of the Mimikatz post-exploitation tool.

A particular sample of the malware (dubbed mim221 by SentinelOne) also featured upgraded anti-detection features.

“The use of special-purpose modules that implement a range of advanced techniques shows the threat actors’ dedication to advancing its toolset towards maximum stealth,” Milenkoski explained.

The security researcher also clarified that while links to Operation Soft Cell are evident, the team could not directly link the campaign to a specific threat actor.

“That campaign has been publicly associated with Gallium, and possible connections to APT41 have been suggested by the use of a common code signing certificate and tooling that shares code similarities. APT41 is also known to target telecommunication providers.”

Either way, Milenkoski said the threat actors behind Operation Tainted Love would likely continue upgrading their malware and targeting organizations in the Middle East.

“These threat actors will almost certainly continue exploring and upgrading their tools with new techniques for evading detection, including…


Truly Free VPN Providers


Free software? Who doesn’t like free software, right? Ah, well, that is a double-edged sword conundrum if there ever was one. You see, we all know that free things in life don’t come cheap (pun intended).

There is a reason why the phrase “there is no such thing as a free lunch” is so driven into popular culture and knowledge. This is because free things can often be risky or dangerous, and not what they seem! You’ll often be worse off with something free than if you paid for it yourself.

The same goes for software. Only a small portion of free software really works, is safe, and is worth downloading. Now, when it comes to protecting your internet connection with a network security solution like a VPN, or virtual private network, one should particularly not skimp or mess around there.

However, if the software has been approved by cybersecurity specialists and the IT community, why not use a free VPN?

Yes, you can definitely use a free VPN, just not any free VPN out there. The last thing you want is to route your precious devices and all of the sensitive information on them (as well as your, ahem, browsing history) through an untrusted solution. This could lead to all sorts of problems for you in the long run like identity theft, or sometimes, right away in the form of a malware infection.

Other times, free software you pick up on any old app store may just work and do what it says (if you are lucky), but the best-case scenario is that the software is going to be severely limited, or might pester you with ads and become unstable as you use it.

For these reasons, it is important to first look at what a VPN is technically, as well as what it can and cannot do. After familiarizing yourself with that section, we’ll take a look at the top, legitimate, and approved free VPN providers you can safely start using right now.

What is a VPN?

In order to protect your online activity and privacy, a virtual private network, or VPN as it is more commonly known, masks your real IP address and creates a secure, encrypted tunnel for internet access. No snoopers, trackers, or other curious parties will be able to connect your online activity to you.

A VPN helps you boost your internet…


WIP19, a new Chinese APT, targets IT Service Providers and Telcos - Security Affairs


A Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia.

SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia.

The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.

The researchers pointed out that the cluster has some overlap with Operation Shadow Force, but uses new malware and different techniques.

The activity of the group is characterized by the use of a legitimate, stolen digital certificate issued by a company called DEEPSoft, which was used to sign malicious code in an attempt to avoid detection.

“Almost all operations performed by the threat actor were completed in a ‘hands-on keyboard’ fashion, during an interactive session with compromised machines. This meant the attacker gave up on a stable C2 channel in exchange for stealth,” reads the report published by SentinelOne.

“Our analysis of the backdoors utilized, in conjunction with pivoting on the certificate, suggest portions of the components used by WIP19 were authored by WinEggDrop, a well-known Chinese-speaking malware author who has created tools for a variety of groups and has been active since 2014.”

The researchers noticed that portions of the malicious components used by WIP19 were developed by a Chinese-speaking group tracked as WinEggDrop, which has been active since 2014.

WIP19 also seems to be linked to the Operation Shadow Force group due to similarities in the use of malicious artifacts developed by WinEggDrop and tactical overlaps.

“As the toolset itself appears to be shared among several actors, it is unclear whether this is a new iteration of operation ‘Shadow Force’ or simply a different actor utilizing similar TTPs,” continues the report. “The activity we observed, however, represents a more mature actor, utilizing new malware and techniques.”

The researchers linked an implant dubbed “SQLMaggie”, recently described by DCSO CyTec, to this activity.


Top 10 Best Managed Security Service Providers (MSSP) In India In 2023


In 2023, the Top 10 Best Managed Security Service Providers in India are listed below.

What is a Managed Security Service Provider?

Information technology (IT) service providers who sell security services to organizations are known as managed security service providers (MSSPs).

An MSSP’s job is to assist in protecting businesses from security risks, whether that involves offering tools and services that safeguard corporate information or assembling a team of security specialists who can respond to breaches as they happen.

Managed Security Service Providers provide cybersecurity monitoring and management, which may include virus and spam blocking, firewalls, intrusion detection, and management of virtual private networks (VPN). MSSPs also handle matters such as modifications, system changes, and upgrades.

Why hire a Managed Security Service Provider?

The primary advantage of managed security services is the additional security personnel and expertise they provide.

While the Managed Security Service Provider interface maintains a constant line of communication and seamless reporting to the company, the flexibility of MSSPs to manage security operations from an off-site location enables organizations to operate business as usual with little disruption from security initiatives.

The MSSP ensures that enterprise IT is always up-to-date with the status of security issues, audits, and maintenance, allowing the hiring organization to concentrate on governance of security rather than administrative responsibilities.

A wide range of security services are being offered by MSSPs at present, from specialized services that focus on a specific component of the enterprise’s security to full outsourcing of security programs.

By outsourcing security, enterprises are often able to realize cost savings by eliminating the need to maintain a fully staffed, full-time, on-site IT security department. Many organizations also turn to MSSPs for faster deployment times and improved time-to-value on security investments.

Large enterprises especially benefit from MSSP services due to increased security threats. However, as security threats change, many small and medium-sized organisations (SMBs) can…
