C2 Archives - Securezoo

H0lyGh0st ransomware actors target small and midsize businesses

Cybersecurity Attacks, Malware, Ransomware / By Frank Crast / July 17, 2022 July 17, 2022 / Andariel, BLTC.exe, BTLC_C.exe, C2, Cybersecurity Threat Center, DarkSeoul, DEV-0530, H0lyGh0st, HolyGhost, HolyLock.exe, HolyRS.exe, Microsoft, MSTIC, North Korea, Plutonium, Ransomware, SiennaBlue, SiennaPurple, Small Business, SMB

Security researchers from Microsoft warn threat actors from North Korea are using H0lyGh0st ransomware to target small and midsize businesses around the globe.

FontOnLake malware targets Linux systems

Cybersecurity Attacks, Malware / By Frank Crast / October 11, 2021 October 11, 2021 / Boost, C/C++, C2, ESET, FrontOnLake, Linux, malware, Poco, Protobuf, Trojan

A previously unknown malware family dubbed FontOnLake is targeting Linux systems. The malware is made up of “custom and well-designed modules.”

Sidewalk backdoor linked to Grayfly espionage group

Cybercrime, Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / By Frank Crast / September 13, 2021 September 13, 2021 / backdoor, C2, ESET, espionage, Exchange, Grayfly, malware, shellcode, Sidewalk

Researchers have recently discovered the Sidewalk modular backdoor has been linked to a Chinese Grayfly espionage group.

Justice Department seizes domains used in Nobelium spear-phishing attacks

Cybersecurity Attacks, Messaging Security, Phishing / By Frank Crast / June 2, 2021 June 2, 2021 / C2, DOJ, Microsoft, MSTIC, Nobelium, phishing, Spearphishing, U.S Department of Justice, USAID

The U.S. Justice Department has announced the seizure of domains used in Nobelium spear-phishing attacks previously identified by Microsoft last week.

New macOS malware linked to OceanLotus group

Cybersecurity Attacks, Malware / By Frank Crast / December 1, 2020 December 1, 2020 / APT, APT32, C2, macOS, malware, OceanLotus, payload

Security researchers have discovered a new macOS backdoor linked to the OceanLotus hacking group. The new malware variant has added new features such as new behavior and domain names.

SlothfulMedia: new malware variant used by “sophisticated actors”

Malware / By Frank Crast / October 2, 2020 October 2, 2020 / C2, CISA, CNMF, DOD, mediaplayer, RAT, SlothfulMedia

Security experts warned of a new malware variant dubbed SlothfulMedia has been used by a “sophisticated cyber actor.”

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Malware / By Frank Crast / October 2, 2020 October 2, 2020 / C2, COVID-19, GADOLINIUM, GitHub, KRYPTON, Microsoft, PowerSHell, ZINC

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

NSA and FBI: watch out for Russian malware Drovorub

Cybersecurity Attacks / By Frank Crast / August 14, 2020 November 2, 2020 / APT28, C2, Drovorub, Fancy Bear, FBI, GTsSS, Linux, malware, NSA, rootkit, Russia, STRONTIUM

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity alert for a new Russian malware dubbed Drovorub.

Doki malware targets exposed Docker servers in the cloud

Cloud Security, Configuration Management, Cybersecurity Attacks / By Frank Crast / July 29, 2020 July 29, 2020 / blockchain, C2, Cloud, Container, Cryptocurrency, Docker, Intezer, Linux, Ngrok

Security researchers at Intezer Labs detected a new Linux malware dubbed “Doki” and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.

CStealer: a new Windows trojan password stealer

Malware, Password Management / By Frank Crast / November 30, 2019 January 25, 2020 / C2, Chrome, CStealer, malware, MalwareHunterTeam, MongoDB, Trojan

A new Windows trojan dubbed CStealer attempts to steal passwords from Chrome browser. The malware also uses a remote MongoDB server to store the stolen passwords.