The leading hospital in India's capital limped back to normalcy on Wednesday after a cyberattack crippled its operations for nearly two weeks. Online registration of patients resumed Tuesday after the hospital was able to access its server and recover lost data. The hospital worked with federal authorities to restore the system and strengthen its defenses. It's unclear who conducted the Nov. 23 attack on the All India Institute of Medical Sciences or where it originated.
A North Korean hacking group took advantage of the Oct. 29 Itaewon crowd-crush tragedy, which killed more than 150 people, to trick South Korean targets into downloading malicious files, researchers with Google's Threat Analysis Group revealed Wednesday. The campaign appears to be just the latest from APT37, a notorious North Korean hacking group that has targeted North Korean defectors, policymakers, journalists, human rights activists and others in South Korea.
A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, so that victims infect themselves while the original app keeps its full functionality, which helps the malware evade suspicion. The platform was discovered by cybersecurity firm ThreatFabric, which spotted malicious Windows and Android campaigns distributing multiple malware families.
A new Go-based malware named 'Zerobot' was spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices, including F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. The purpose of the malware is to add compromised devices to a distributed denial-of-service (DDoS) botnet that launches powerful attacks against specified targets.
ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations. In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli software suite used in the diamond industry. We believe that Agrius operators conducted a supply-chain attack abusing the Israeli software developer to deploy their new wiper, Fantasy.
Internet Explorer remains a viable attack vector and a recurring one for APT37, a group of malicious actors backed by the North Korean government, according to a Google Threat Analysis Group blog post released Wednesday. The group exploited a previously unknown zero-day vulnerability to attack individuals based in South Korea with malware embedded in a Microsoft Office document.