Malicious Activity by NewsPenguin Group Discovered Aimed at Pakistani Organizations

A newly identified threat actor, tracked as NewsPenguin, has been linked to a phishing campaign targeting Pakistani entities. The attacker sent emails carrying a malicious document posing as an exhibitor manual for PIMEC-23, an event organized by the Pakistan Navy and the Ministry of Maritime Affairs. The document was designed to lure recipients into opening it, which triggered a remote template injection that fetched a payload from an actor-controlled server. That server was found to be hosting two ZIP archives, one of which contained a Windows executable with checks for sandboxes and virtual machines to evade analysis. The payload was XOR-encrypted with the key 'Penguin'. The domain hosting the payloads had been registered as early as June 30, 2022, suggesting the attack was planned well in advance. Because the lure is an event run by the Pakistan Navy, the threat actor appears to be targeting government organizations rather than acting for financial gain.
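As an added illustration (not code from the report or from the actor), a small defender-side triage helper that checks whether a blob decodes to a Windows PE under a repeating-key XOR with a candided key such as 'Penguin'; the fake PE header and the sample blob below are constructed here and are not a real NewsPenguin payload.

```python
"""Triage helper: detect a Windows PE hidden behind a repeating-key XOR.

Added example, not the report's or the actor's code. The sample below is
constructed here (a minimal fake PE header XORed with 'Penguin'), not a
real NewsPenguin payload.
"""
import struct
from itertools import cycle
from typing import Iterable, Optional


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_xor_key(blob: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Return the first candidate key under which blob decodes to a PE, else None."""
    for key in candidates:
        if looks_like_pe(xor_repeating(blob, key)):
            return key
    return None


# Constructed sample: 64-byte DOS header with e_lfanew = 0x40, then a PE signature.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
# What an analyst would see on disk: the fake PE obfuscated with the reported key.
SAMPLE_BLOB = xor_repeating(FAKE_PE, b"Penguin")

if __name__ == "__main__":
    print(find_xor_key(SAMPLE_BLOB, [b"wrong", b"Penguin"]))
```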

This Cyber News was published on thehackernews.com. Publication date: Thu, 09 Feb 2023 13:33:02 +0000

