
Truebot Malware Activity Increases With Possible Evil Corp Connections

December 9, 2022

Threat group Silence has been observed infecting a growing number of devices using Truebot malware.

The findings come from Cisco Talos researchers, who have also suggested a connection between Silence and the notorious hacking group Evil Corp (tracked by Cisco as TA505).

According to an advisory published on Thursday, the campaigns observed by the company have resulted in the creation of two botnets: one with infections distributed around the world (particularly in Mexico and Brazil) and a more recent one focused on the US.


“Although we do not have enough data to say that there is a specific focus on a sector, we observed a number of compromised education sector organizations,” reads the advisory.

Cisco Talos threat researcher Tiago Pereira believes Truebot to be a precursor to other threats that are known to have been responsible for attacks leading to high losses.

“Readers should consider this as an initial stage of what can be a serious attack, and keep in mind that the attackers demonstrate agility in incorporating new delivery vectors,” Pereira said.

Further, Cisco Talos explained that Silence is not only expanding its targets but also moving from using malicious emails as its main delivery method to new methods.

“In October, a larger number of infections leveraged Raspberry Robin, a recent malware spread via USB drives, as a delivery vector. We believe with moderate confidence that during November, the attackers started using another way to distribute the malware,” the company wrote.

The technical write-up also indicates that post-compromise activity included data theft and the execution of Clop ransomware.

“While investigating one of these attacks, we found what appears to be a fully featured custom data exfiltration tool, which we are calling ‘Teleport,’ that was extensively used to steal information during the attack.”

Teleport was developed in C++ and contained a number of features to improve the process of data exfiltration, including limiting the upload speed and file size, encrypting communications with a custom protocol and the ability to delete itself after use.

During its investigation, Cisco Talos also observed Silence exploiting a relatively new Netwrix vulnerability (tracked as CVE-2022-31199).

“This vulnerability had been published only a few months before the attacks took place, and the number of systems exposed to the internet is expected to be very small,” reads the advisory.

“This suggests that the attackers are not only looking for new infection vectors but are also able to quickly test them and incorporate them into their workflow.”

The Silence threat group was not the first observed using the malware tools mentioned above. An October advisory by Microsoft linked Raspberry Robin to the Clop and LockBit ransomware groups.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
