Malicious Activity by NewsPenguin Group Discovered Aimed at Pakistani Organizations

A new malicious actor, known as NewsPenguin, has been linked to a phishing campaign targeting Pakistani entities. The attacker sent out emails with a malicious document attached that appeared to be an exhibitor manual for PIMEC-23, an event organized by the Pakistan Navy and Ministry of Maritime Affairs. The document was designed to trick recipients into opening it, which would then trigger a remote template injection to fetch a payload from an actor-controlled server. The server was found to be hosting two ZIP archives, one of which contained a Windows executable that could bypass sandboxes and virtual machines. The payload was encrypted with the XOR encryption algorithm, using the key 'Penguin'. The domain hosting the payloads had been registered since June 30, 2022, suggesting the attack was planned in advance. The target being an event run by the Pakistan Navy implies the threat actor is targeting government organizations, rather than for financial gain.

This Cyber News was published on thehackernews.com. Publication date: Thu, 09 Feb 2023 13:33:02 +0000


Cyber News related to Malicious Activity by NewsPenguin Group Discovered Aimed at Pakistani Organizations

Malicious Activity by NewsPenguin Group Discovered Aimed at Pakistani Organizations - A new malicious actor, known as NewsPenguin, has been linked to a phishing campaign targeting Pakistani entities. The attacker sent out emails with a malicious document attached that appeared to be an exhibitor manual for PIMEC-23, an event organized ...
1 year ago Thehackernews.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com
Italian Firm Trains Pakistani Navy Officers in Cybersecurity, Raising Concerns - Recently, it has come to light that individuals responsible for state-sponsored cyberattacks, reportedly backed by Pakistan, underwent advanced training by an Italian security firm. Documents shared with The Sunday Guardian indicate that Pakistani ...
10 months ago Cysecurity.news
Ta444 Turn Credential Harvesting Activity: A Comprehensive Guide - The Ta444 cyber threat group is one of the most active cybercriminals in the world, and one of their notable methods is credential harvesting. Credential harvesting is the process of stealing user’s information, such as usernames, passwords, credit ...
1 year ago Securityaffairs.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
9 months ago Techtarget.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
1 year ago Bleepingcomputer.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Pakistan Experiences Nationwide Power Outage due to Cyberattack - On the 23rd of January 2021, the entire Pakistani power grid experienced a massive power outage due to a coordinated cyberattack. The Pakistani power grid, which is responsible for providing energy to the nation, is considered one of the most ...
1 year ago Securityaffairs.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
11 months ago Securityboulevard.com
How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money - In recent years, healthcare organizations have increasingly moved their healthcare information systems applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. To mitigate these risks, ...
10 months ago Securityboulevard.com
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
9 months ago Darkreading.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
11 months ago Imperva.com
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including ...
11 months ago Bbc.com
How to Eliminate Shadow IT and Achieve a Secure SaaS Environment in 2023 - The prevalence of Shadow IT has grown exponentially over the years, with most organizations being unaware of the security risks of unauthorized cloud applications. Shadow IT is any application or cloud service being used by employees for business ...
1 year ago Thehackernews.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
FBI and CISA publish guide to Living off the Land techniques - The Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation, and other authoring agencies have released a joint guidance about common living off the land techniques and common gaps in cyber defense ...
9 months ago Malwarebytes.com
Why the Keitaro TDS keeps causing security headaches - A software company named Keitaro has long been labeled by cybersecurity vendors as a legitimate traffic distribution system vendor, yet the company's product is repeatedly used for malicious activity by cybercriminals. Despite being described as a ...
7 months ago Techtarget.com
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs - Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and ...
10 months ago Microsoft.com
Smashing Security Podcast Episode 306: What is the State of Cyber Security in 2020? - The recent pandemic has created a need for businesses to invest in cybersecurity more than ever. The popularity of digital communication and remote access has exposed organizations to more cybersecurity threats than ever before. Graham Cluley’s ...
1 year ago Grahamcluley.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
10 months ago Darkreading.com
Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
11 months ago Darkreading.com
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
1 year ago Tripwire.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
10 months ago Blog.checkpoint.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
11 months ago Microsoft.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)