Our recent investigations show that this year, from February onwards, HotCousin has attempted to compromise foreign affairs ministries in Europe, Asia, Africa and South America. In the third quarter of 2022, Kaspersky researchers detected numerous APT campaigns, whose main target is governmental institutions. Metatron is designed to bypass native security solutions while deploying malware platforms directly into memory. Initially, it targets telecommunications, internet service providers, and universities in Middle Eastern and African countries. Kaspersky security experts found an undiscovered malware platform called Metatron. Using this implanted backdoor, the operator lay hidden in the victim’s environment for a month and collected system information.Īccording to Kaspersky, APT actors are not letting up. The actor used malware that hadn’t been seen before, with minimal functionality to execute commands from the C2 server. However, experts discovered that the malware and infection schemes have also been updated.
“The actor possibly used a strategic web compromise, employing an infection chain similar to that which researchers have previously reported, attacking an endpoint security program,” Kaspersky said. One of the well-known APT (Advanced Persistent Threat) groups Lazarus has been using DeathNote cluster against victims in South Korea, based on the discovery of Kaspersky. Kaspersky finds of Trojans targeting employee devices in PH
Kaspersky reports spike in crypto miner variants in Q3 2022 This, and other discoveries are revealed in Kaspersky’s latest quarterly threat intelligence summary. Kaspersky experts also discovered an advanced upgrade of DeathNote cluster and, together with SentinelOne, investigated never-seen-before malware Metatron. When an unsuspecting internet user clicked on the link, he or she will be directed to a Telegram channel where Sandstrike spyware is distributed through a seemingly harmless VPN.
The attackers use social media platforms to lure victims. According to cybersecurity solutions company Kaspersky, Sandstrike distributes the spyware using virtual private network (VPN). Sandstrike, a a previously unknown Android espionage campaign, has been spreading spyware to a Persian-speaking religion minority, Baháʼí.
0 kommentar(er)
