Hackers Group Utilizes Screenlogger to Locate Valuable Targets in America and Germany

A recently discovered cybercriminal group, referred to as TA866, has been targeting companies in the United States and Germany with malicious emails containing attachments or URLs that lead to the deployment of custom malware. This campaign, which Proofpoint has named 'Screentime', began in October 2022 and has continued into January 2023. The emails sent in October and November contained Publisher file attachments with malicious macros, while those sent in November and December contained URLs leading to Publisher files with macros or JavaScript files. In January, the emails used thread hijacking with a 'check my presentation' lure to trick recipients into clicking the malicious URLs. The URLs lead to a 404 TDS which filters the traffic and redirects the victim to a JavaScript file. If the file is run, a MSI package is fetched and executed, which in turn runs an embedded VBS script and achieves persistence. This script is the WasabiSeed malware, which downloads and executes another MSI file representing the Screenshotter malware, which takes screenshots of the victim's screen and sends them to a command-and-control server. The attackers then manually inspect the screenshots and use WasabiSeed to deploy additional payloads if the victim is deemed interesting. The AD profiling could lead to the compromise of other domain-joined hosts. The domains used in the attack were previously registered, expired, and then re-sold to the TDS operator. The researchers believe that TA866 is located in the UTC+2 or UCT+3 time zones, which correspond to Russia, and that the malware has been used in attacks since at least 2019, with some of the activity having an espionage objective. The recent activity appears to be financially motivated, however.

This Cyber News was published on www.securityweek.com. Publication date: Thu, 09 Feb 2023 13:39:02 +0000


Cyber News related to Hackers Group Utilizes Screenlogger to Locate Valuable Targets in America and Germany

Hackers Group Utilizes Screenlogger to Locate Valuable Targets in America and Germany - A recently discovered cybercriminal group, referred to as TA866, has been targeting companies in the United States and Germany with malicious emails containing attachments or URLs that lead to the deployment of custom malware. This campaign, which ...
1 year ago Securityweek.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 week ago Securelist.com
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
10 months ago Bleepingcomputer.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
10 months ago Bleepingcomputer.com
Bank of America's Security Response: Mitigating Risks After Vendor Data Breach - In a concerning development, Bank of America has informed its customers about a possible data breach stemming from a security incident involving one of its vendors. This incident raises questions about the security of sensitive customer information, ...
7 months ago Cysecurity.news
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
9 months ago Securityboulevard.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 week ago Securityaffairs.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
8 months ago Bleepingcomputer.com
IT consultant in Germany fined for exposing shoddy security The Register - A security researcher in Germany has been fined €3,000 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified ...
8 months ago Theregister.com
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
9 months ago Bleepingcomputer.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
9 months ago Imperva.com
The Startup That Transformed the Hack-for-Hire Industry - If you're looking for a long read to while away your weekend, we've got you covered. First up, WIRED senior reporter Andy Greenberg reveals the wild story behind the three teenage hackers who created the Mirai botnet code that ultimately took down a ...
9 months ago Wired.com
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus - An advanced persistent threat group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. Over that period, the Spanish-speaking ...
5 months ago Darkreading.com
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus - An advanced persistent threat group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. Over that period, the Spanish-speaking ...
4 months ago Darkreading.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
10 months ago Bleepingcomputer.com
5 Valuable Skills Kids Can Gain by Playing Video Games - Video games come in all shapes and sizes and can be very educational for children of all ages. Video games can provide children with valuable skills that can help them in their everyday lives. From problem-solving abilities to self-control, learning ...
1 year ago Welivesecurity.com
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
9 months ago Therecord.media
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
7 months ago Securityboulevard.com
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
5 months ago Bleepingcomputer.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
10 months ago Bleepingcomputer.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
8 months ago Techtarget.com
Play Ransomware Has Hit 300 Entities Worldwide: FBI - The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity ...
9 months ago Securityboulevard.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
1 year ago Cybersecuritynews.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)