News


Hacker group exploits zero-day vulnerability
B2B Cyber Security ShortNews

Government agencies and a think tank in Europe were attacked by the APT group Winter Vivern. The hackers use cross-site scripting attacks to exploit a zero-day vulnerability in the Roundcube webmail servers these organizations run, and then read (confidential) emails. Roundcube is an open source webmail software used by many government departments and organizations such as universities and research institutes. ESET recommends that users update to the latest available version of the software as soon as possible. ESET discovered the vulnerability on October 12, 2023 and immediately reported it to the Roundcube team, who reported the vulnerability two…


SMEs: Reliably detect and fix security gaps

Unpatched vulnerabilities are among the most dangerous attack vectors and the ones cybercriminals use most often. The innovative vulnerability and patch management from the IT security manufacturer ESET helps SMEs to identify and fix them. This solution supports organizations in reliably detecting and eliminating security gaps in their systems. If the software has identified vulnerabilities in operating systems or common applications, administrators can have the required patches installed automatically or act manually. The guidelines supplied simplify the work of those responsible and can be individually adapted. Numerous filter options allow vulnerabilities to be prioritized according to their severity. ESET Vulnerability & Patch…


Invisibility cloak for malware services finally worthless 
B2B Cyber Security ShortNews

Professional malware is successful when it uses clever obfuscation to evade detection by security solutions. However, the experts at security manufacturer ESET have now demystified the best-known cloak for malicious code: AceCryptor. This Cryptor-as-a-Service has been actively used by threat actors worldwide since 2016 to protect dozens of malware families. In 2021 and 2022 alone, ESET telemetry recorded more than 240,000 detections of this malware. That equates to more than 10,000 detections per month. AceCryptor is likely to be sold on the dark web or underground forums and is hugely popular with cybercriminals….


Android Spyware: GravityRAT steals WhatsApp backups
B2B Cyber Security ShortNews

WhatsApp users should pay close attention to what they download on their Android smartphones. ESET researchers have detected a new Android version of GravityRAT spyware hiding in infected versions of the BingeChat and Chatico messaging apps. Since SMEs in particular also like to use private smartphones including WhatsApp, caution is called for. In the case under investigation, the malicious app steals WhatsApp backups and can also delete files on the devices. To avoid being noticed immediately, the app offers legitimate chat functionality based on the open-source application OMEMO Instant Messenger. ESET suspects the group SpaceCobra is behind this campaign,…


Chinese, Russian APT groups attack Europe

The European Union is increasingly targeted by Chinese and Russian APT groups. This is shown by the current ESET APT report, which reports on the latest developments in hacker groups such as Lazarus, Mustang Panda or Ke3chang. ESET security experts are seeing increasing attacks by APT (Advanced Persistent Threat) groups with ties to China, North Korea and Russia on EU countries and organizations in these countries. With fake job offers from the aviation company Boeing, the Lazarus Group tried to steal access data from employees of a Polish armaments company. Ke3chang and Mustang Panda, players with ties to China, have also attacked European companies. As part of…


APT group Lazarus is behind the cyber attack on 3CX

With Operation DreamJob, the APT (Advanced Persistent Threat) group Lazarus attacked Linux users for the first time. The most prominent victim is the VoIP software developer 3CX. ESET experts discovered a connection to the cyber attack on 3CX. The researchers at the IT security manufacturer ESET were able to reconstruct the entire course of the operation and thus prove that the hackers allied with North Korea were behind the so-called supply chain attack. The operation begins with a fake job offer delivered as a zip file and ends with the SimplexTea malware. The Linux backdoor is distributed via an OpenDrive account. 3CX: It was Lazarus from North Korea...


Cyber espionage against NGO workers in China
B2B Cyber Security ShortNews

APT group Evasive Panda hacked update channels of legitimate Chinese apps and then specifically spied on members of an NGO (non-governmental organization). According to ESET, the MgBot backdoor entered the network via automatic updating. Researchers at IT security manufacturer ESET have uncovered a new sophisticated campaign by the APT (Advanced Persistent Threat) group Evasive Panda. The group hacked the update channels of legitimate Chinese apps to distribute the MgBot malware installer. Chinese users were the focus of this activity, which according to ESET telemetry started as early as 2020. The affected users were located in the provinces…


Data Loss Prevention Vendor becomes a hacker victim

With data loss prevention (DLP) solutions, companies want to prevent internal data from leaving their own network unintentionally. But if the software provider itself is hacked, its customers are also at risk. This is what happened to a provider whose customers also include government and military institutions. Supply chain attacks are among the dangers that are often underestimated, say the experts at IT security manufacturer ESET. They recently uncovered an attack on the network of an East Asian data loss prevention company whose customer portfolio includes government and military institutions. The ESET researchers attribute this attack with high probability to the APT group "Tick"...


Lazarus: New backdoor against targets in Europe 

The APT group Lazarus, known for many attacks, is also using a new backdoor malware against targets in Europe. According to ESET researchers, the intended uses are espionage and data manipulation. The malware researchers at the IT security manufacturer ESET have uncovered a new dangerous malware from the notorious APT (Advanced Persistent Threat) group Lazarus. The increased occurrence in South Korea, the code and the behavior of the backdoor "WinorDLL64" suggest that the hacker gang allied with North Korea is behind it. However, the backdoor is also used for targeted attacks in the Middle East and Europe. At ESET research facilities…


Backdoor: Chinese hacker group attacks Europe
B2B Cyber Security ShortNews

The Chinese hacker group Mustang Panda is stepping up its attacks on targets in Europe, Australia and Taiwan. Researchers at the IT security manufacturer ESET uncovered a campaign that is currently still running, in which the newly developed backdoor MQsTTang is used. This allows attackers to execute any command on the victim's computer. The focus is on political and state organizations, above all a government institution in Taiwan. Mustang Panda has significantly increased its activities since Russia invaded Ukraine. MQsTTang: Evidence of Rapid Development Cycle MQsTTang is a simple backdoor that allows attackers to…
