Hackerzhome


Cybersecurity news all over the world


April 21, 2023, Friday

Hacked TWiki and MediaWiki websites of universities used by Fortnite trolls

Numerous American institutions’ websites are distributing Fortnite and “gift card” spam.


Wiki and documentation pages held by colleges such as Stanford, MIT, Berkeley, UMass Amherst, Northeastern, and Caltech, among others, were found to be compromised, according to researchers.


Over a dozen sub-domains associated with well-known American universities have been found to be hosting Fortnite spam this week, according to Twitter user g0njxa.


These websites appear to be powered by either TWiki or MediaWiki, the latter of which is a content management system (CMS) used by Wikipedia and many other Wikimedia websites.


These wiki articles, which are said to have been posted by spammers, entice visitors to fake websites by promising them “free gift cards,” “Fortnite Bucks,” and other digital items.


However, these domains load fake Fortnite pages that are actually phishing forms asking for user credentials.


Although the malicious campaign mostly targeted MediaWiki-based educational websites, several government websites appear to have been attacked by the same threat actors.


These included microsites run by a state government in Brazil as well as Europa.eu, the European Union’s official website.


Lazarus hackers now spread Linux malware through fake job offers.

For the first time, a new Lazarus campaign that is thought to be a part of “Operation DreamJob” has been found to target Linux users with malware.

ESET researchers, who discovered this new targeting, also confirmed with high confidence that Lazarus carried out the recent supply-chain attack against VoIP vendor 3CX.

The attack, which compromised numerous businesses through a trojanized 3CX client carrying information-stealing malware, was only identified in March 2023.

Lazarus was already suspected of carrying out the attack, and several cybersecurity firms agreed with high confidence that the threat actor that trojanized 3CX was connected to North Korea.

Operation DreamJob by Lazarus, also known as Nukesped, targets individuals who work in the software or DeFi industries by posting fake job offers on LinkedIn and other social networking and communication platforms.

These social engineering attacks aim to trick targets into downloading malicious files disguised as legitimate documents describing the advertised position. Opening these documents infects the victim’s machine with malware.


Intruders utilize a defunct WordPress plugin to gain access to websites

Attackers are breaching websites by inserting covert backdoors through Eval PHP, an outdated but legitimate WordPress plugin.

Eval PHP is an outdated WordPress plugin that lets site administrators insert PHP code into the posts and pages of a WordPress site; that code is then executed each time the page is loaded.

The plugin is still available in the WordPress plugin repository despite not having received any updates in the last ten years, and it is generally regarded as abandonware.

According to website security company Sucuri, the use of Eval PHP to embed malicious code in seemingly harmless WordPress pages rose sharply in April 2023, with the plugin averaging 4,000 malicious installations per day.

The PHP code injections discovered over the past few weeks deliver a previously known payload that gives the attackers remote code execution on the compromised website.

The malicious code is inserted into the ‘wp_posts’ table of the targeted site’s database. Because nothing is written to the filesystem, it evades common website security controls such as file integrity monitoring and server-side file scanning, which makes it harder to detect.

To accomplish this, the threat actors install Eval PHP using a compromised or newly created administrator account, which lets them embed PHP code in the site’s pages and posts via [evalphp] shortcodes.
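Because the injected code lives in the database rather than on disk, a defender has to look in wp_posts, not the filesystem. The following added example (not code from Sucuri or WordPress) scans rows shaped like wp_posts for [evalphp] shortcodes and ranks each hit by the dangerous PHP calls it contains; the sample rows are constructed, and the SQL assumes the default wp_ table prefix.

```python
import re

# Query a defender would run against the site database (assumes the
# default "wp_" table prefix; adjust for custom prefixes).
WP_POSTS_QUERY = (
    "SELECT ID, post_title, post_status, post_content FROM wp_posts "
    "WHERE post_content LIKE '%[evalphp]%'"
)

# Constructed sample rows in the shape of wp_posts; not real site data.
SAMPLE_POSTS = [
    {"ID": 12, "post_title": "About us", "post_status": "publish",
     "post_content": "<p>We are a small shop.</p>"},
    {"ID": 57, "post_title": "Contact", "post_status": "publish",
     "post_content": "<p>Email us.</p>[evalphp]eval(base64_decode('ZWNobyAx'));[/evalphp]"},
    {"ID": 58, "post_title": "Footer", "post_status": "draft",
     "post_content": "[EvalPHP]\necho date('Y');\n[/EvalPHP]"},
]

# Shortcode may carry attributes, mixed case, and span several lines.
SHORTCODE_RE = re.compile(r"\[evalphp[^\]]*\](.*?)\[/evalphp\]",
                          re.IGNORECASE | re.DOTALL)
# PHP functions commonly seen in obfuscated or command-running payloads.
SUSPICIOUS_RE = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|str_rot13|system|"
    r"shell_exec|passthru|file_put_contents)\s*\(", re.IGNORECASE)


def scan_posts(posts):
    """Return one finding per [evalphp] block, most suspicious first.

    Every block is reported, since the plugin is abandonware and any use
    deserves review; blocks with dangerous calls are listed first.
    """
    findings = []
    for post in posts:
        for match in SHORTCODE_RE.finditer(post["post_content"]):
            body = match.group(1).strip()
            calls = sorted({c.lower() for c in SUSPICIOUS_RE.findall(body)})
            findings.append({"post_id": post["ID"],
                             "post_status": post["post_status"],
                             "suspicious_calls": calls,
                             "snippet": body[:80]})
    findings.sort(key=lambda f: -len(f["suspicious_calls"]))
    return findings
```

Rows fetched with WP_POSTS_QUERY can be passed straight to scan_posts once mapped to the same dict keys.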

Cyberattacks from the Daggerfly campaign target African telecom service providers.

Since at least November 2022, telecommunications service providers in Africa have been the subject of a new campaign run by a threat actor with ties to China.

The intrusions have been attributed to a hacking group tracked as Daggerfly by Symantec and as Bronze Highland and Evasive Panda by the wider cybersecurity community.

In a report shared with The Hacker News, the cybersecurity firm said the campaign makes use of “previously unknown plugins from the MgBot malware framework.” The attackers were also observed abusing the legitimate AnyDesk remote desktop software and using a PlugX loader.

Malwarebytes brought attention to Daggerfly’s usage of the MgBot loader (also known as BLame or MgmBot) in July 2020 as a component of phishing attacks targeted at members of the Indian government and people in Hong Kong.

The threat actor employs spear-phishing as an initial infection vector to spread MgBot, as well as other tools including Cobalt Strike, a legitimate adversary simulation program, and an Android-based remote access trojan (RAT) named KsRemote, according to a profile published by Secureworks.

The group is suspected of having conducted espionage operations as far back as 2014, against domestic supporters of human rights and democracy as well as against China’s neighboring countries.

60% of Russian phishing attacks target Ukraine in 2023, according to Google.

In 2023, Google’s Threat Analysis Group (TAG) has been keeping an eye on and thwarting state-sponsored cyberattacks against Ukraine’s vital infrastructure.

According to Google, Ukraine was the main target of around 60% of phishing attacks coming from Russia between January and March 2023.

Most often, the objectives of the campaign involve gathering intelligence, interfering with operations, and releasing private information through Telegram channels intended to harm Ukraine’s information security.

Three Russian and Belarusian threat actors who engaged in noteworthy activity against Ukrainian targets in the first quarter of the year are listed by Google’s TAG.

The first is Sandworm, tracked by Google as “FrozenBarents,” which has targeted the energy sector across Europe since November 2022; Google highlights a case involving the Caspian Pipeline Consortium (CPC).

The group also creates numerous online personas to spread disinformation on YouTube and Telegram, frequently leaking portions of the data it steals through phishing or network intrusions.
