Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 13, 2023

Monday

Newest Dark Pink APT Attacks on Southeast Asian Targets Employ the KamiKakaBot Malware

A new round of attacks using the KamiKakaBot malware, targeting military and government organizations in Southeast Asian nations, has been attributed to the Dark Pink APT actor.


Group-IB initially profiled Dark Pink, also known as Saaiwc, earlier this year, describing its use of specialized tools like TelePowerBot and KamiKakaBot to execute arbitrary instructions and exfiltrate confidential data.


The threat actor, who is thought to be from the Asia-Pacific region, has been active since at least mid-2021, with 2022 seeing an uptick in activity.


The malware’s obfuscation process has been modified in the February campaign to better dodge anti-malware safeguards.


The malware is distributed through social-engineering lures: email messages carrying ISO image files as attachments.


A loader (MSVCR100.dll), an executable (Winword.exe), and a fake Microsoft Word document with the KamiKakaBot payload are all included in the ISO image.


The loader relies on the DLL side-loading technique: when Winword.exe is launched, it loads the malicious MSVCR100.dll instead of the legitimate library, which in turn loads KamiKakaBot into the memory of the Winword.exe process, bypassing security measures.
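The side-loading chain above leaves a recognizable trace in endpoint image-load telemetry: a copy of Winword.exe loading a runtime DLL such as MSVCR100.dll from its own directory rather than from a Windows system directory. The detection logic below is an added example, not code from the original article or from Group-IB; the event structure, path lists and sample events are constructed for illustration.

```python
"""Flag DLL side-loading candidates in image-load telemetry (constructed example)."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class ImageLoad:
    process_path: str  # executable that performed the load (assumed telemetry field)
    dll_path: str      # DLL image mapped into that process (assumed telemetry field)


# Directories from which a Windows runtime DLL is expected to be loaded.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Runtime DLL names worth watching; MSVCR100.dll is the loader name used in the Dark Pink ISO.
WATCHED_DLLS = {"msvcr100.dll"}


def _split(path: str):
    """Normalize a Windows path and return (directory, basename), both lower-case."""
    norm = path.replace("/", "\\").lower().rstrip("\\")
    directory, _, basename = norm.rpartition("\\")
    return directory, basename


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when a watched DLL is loaded from the loading executable's own directory
    and that directory is not a Windows system directory (classic side-loading layout).
    Applications that legitimately ship their own CRT beside the executable will also
    match, so pair this with an allowlist of known-good executables in production."""
    dll_dir, dll_name = _split(ev.dll_path)
    if dll_name not in WATCHED_DLLS:
        return False
    if any(dll_dir == s or dll_dir.startswith(s + "\\") for s in SYSTEM_DIRS):
        return False
    proc_dir, _ = _split(ev.process_path)
    return dll_dir == proc_dir


def find_sideloads(events: Iterable[ImageLoad]) -> List[ImageLoad]:
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample events; D:\ stands in for a mounted ISO attachment.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\msvcr100.dll"),            # benign: system directory
    ImageLoad(r"D:\Winword.exe", r"D:\MSVCR100.dll"),           # side-loading layout from the ISO
    ImageLoad(r"D:\Winword.exe", r"C:\Windows\System32\kernel32.dll"),  # not a watched DLL
    ImageLoad(r"C:\Users\alice\Downloads\tool\app.exe",
              r"C:\Users\alice\Downloads\tool\msvcr100.dll"),   # flagged; possible false positive
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(f"side-load candidate: {hit.process_path} -> {hit.dll_path}")
```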

NEWS 1

Nearly a Dozen Security Vulnerabilities were Found in the Akuvox E11 Smart Intercom

Akuvox, a Chinese company, has produced the smart intercom product called E11, which has more than a dozen security issues.

In a technical write-up, Claroty security researcher Vera Mens stated that the flaws “may allow attackers to execute code remotely in order to activate and manage the device’s camera and microphone, steal video and photos, or get a network foothold.”

The Akuvox E11 is a “SIP [Session Initiation Protocol] video door phone especially developed for villas, houses, and apartments,” according to the company’s website.

Nevertheless, the product listing has been removed from the website, which now reads “Page does not exist.” According to a Google snapshot, the page was active as recently as March 12, 2023, 05:59:51 GMT.

The most serious of the flaws are:
CVE-2023-0344 (CVSS score: 9.1), CVE-2023-0345 (CVSS score: 9.8), CVE-2023-0354 (CVSS score: 9.1), and CVE-2023-0352 (CVSS score: 9.1).

Akuvox has since fixed the FTP server permissions issue by disabling directory listing, so malicious actors can no longer enumerate files, but the majority of the 13 security flaws remain unpatched, according to the industrial and IoT security company.

NEWS 2



CASPER attack steals data from air-gapped computers using the internal speaker.

A novel covert channel attack known as CASPER has been developed by researchers at Korea University’s School of Cyber Security.
It can leak data from air-gapped PCs to a nearby smartphone at a rate of 20 bits per second.

The CASPER attack uses the internal speakers of the target computer as the data transmission channel to send binary or Morse code to a microphone up to 1.5 meters away while also transmitting high-frequency sounds that the human ear is unable to hear.

Researchers have demonstrated similar attacks using external speakers in the past. External speakers, however, are unlikely to be present in air-gapped, network-isolated systems used in sensitive settings such as government networks, energy infrastructure, and weapon control systems.

Internal speakers, which provide audio feedback such as boot-up sounds, are nevertheless still considered necessary.

As with nearly all covert channel attacks against network-isolated systems, the target must first be infected with malware, either by a rogue employee or by an attacker who gains physical access.

The Stuxnet worm, which targeted Iran’s Natanz uranium enrichment facility, the Agent.BTZ malware, which infected a U.S. military base, and the Remsec modular backdoor, which secretly collected data from air-gapped government networks for more than five years are notable examples.

NEWS 3

Essendant, owned by Staples, is experiencing a multi-day "outage," with orders halted.

NEWS 4

Customers and suppliers are unable to place and complete online orders due to a multi-day system “outage” at stationery and office supply wholesaler Essendant.

The United Stationers business, now under Staples ownership, brings in more than $5.4 billion in revenue annually and employs more than 6,400 people.

Essendant is based in Deerfield, Illinois.

Customers and suppliers of Essendant are being impacted as a result of a systems outage that prevents online orders from being placed or fulfilled.

Also, freight companies have been instructed to postpone all pickups until further notice.

Essendant is still working to restore service. The operational disruption is believed to have started on the evening of March 6, 2023.

On March 6, 2023, we sent some orders without providing an ASN. We will begin the procedure to issue those missing ASNs this weekend.

A new notification that the corporation has posted states that this process will take many days.
Orders that were placed but weren’t actually sent before Monday night’s downtime will be canceled by the business.

The Medusa ransomware gang gains momentum as it targets businesses across the world.

In 2023, the Medusa ransomware campaign began to gain momentum, targeting businesses all over the world with million-dollar ransom demands.

The Medusa operation began in June 2021, but there were not many victims and there was not much activity.

However, the ransomware gang ramped up its operations in 2023 and created a “Medusa Blog” that was used to release data for victims who declined to pay a ransom.

Many malware families go by the moniker “Medusa,” including the well-known MedusaLocker ransomware operation, an Android malware family, and a Mirai-based botnet with ransomware capabilities.

Because the name is so widely used, this ransomware family is often mistaken for MedusaLocker, which has led to some erroneous reporting about it.

The MedusaLocker operation began as a ransomware-as-a-service in 2019, with several affiliates, a ransom note typically named How to back files.html, and a wide range of file extensions for encrypted files.

The MedusaLocker operation conducts negotiations over the Tor website located at qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion.

NEWS 5
