NoGoolag
HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.

The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as a visa application, the Global Research and Analysis Team at Kaspersky discovered.

The Turla APT, a Russian-based threat group, has a long history of carrying out espionage and watering hole attacks spanning various sectors, including governments, embassies, military, education, research, and pharmaceutical companies.

First documented by G-Data in 2014, COMpfun received a significant upgrade last year (called "Reductor") after Kaspersky found that the malware was used to spy on a victim's browser activity by staging man-in-the-middle (MitM) attacks on encrypted web traffic via a tweak in the browser's random number generator (PRNG).

👉🏼 Read more:
https://thehackernews.com/2020/05/malware-http-codes.html

https://securelist.com/compfun-http-status-based-trojan/96874/

#cyberespionage #malware #http #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Asylum Ambuscade: crimeware or cyberespionage? | WeLiveSecurity – June 2023

A curious case of a threat actor at the border between crimeware and cyberespionage

Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign and about multiple cybercrime campaigns in 2022 and 2023.

#AsylumEmbuscade
#SunSeed #AHKBOT #EU #Ukraine #Russia #CyberEspionage #espionage
Evasive Panda leverages Monlam Festival to target Tibetans | ESET

ESET researchers discovered a #cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole, and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website visitors with MgBot and a backdoor that, to the best of our knowledge, has not been publicly documented yet; we have named it #Nightdoor.

#EvasivePanda (also known as #BronzeHighland and #Daggerfly) is a Chinese-speaking APT group, active since at least 2012. ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. Government entities were targeted in Southeast and East Asia, specifically China, Macao, Myanmar, The Philippines, Taiwan, Vietnam, China and Hong Kong, India, and Malaysia.

#APT #Trojan #Tibet