After gaining initial access by exploiting the WinRAR vulnerability tracked as CVE-2023-38831 (the CVE cited is a WinRAR flaw, not a VMware one), Head Mare deploys the PhantomDL and PhantomCore backdoors, which are used to deliver additional payloads, according to a Kaspersky analysis. Besides creating scheduled tasks and registry values to maintain persistence and disguise malicious activity, the attackers used the open-source command-and-control framework Sliver together with Mimikatz, ngrok, and rsockstun for credential harvesting, lateral movement, and network discovery before ultimately deploying the LockBit and Babuk ransomware strains against Windows and Linux systems, respectively, Kaspersky researchers said.
Source: SC Magazine