Qualys Is the Latest Victim of Accellion Data Breach
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
Qualys has become the latest known victim of a data breach at enterprise firewall vendor Accellion that has affected numerous companies including, most notably, retail giant Kroger, law firm Jones Day, and the state of Washington.
In a statement late Wednesday, Qualys confirmed rumors that had been circulating all day about the company's network having been breached. But it provided few details on the nature of the incident or whether it had become a victim of the Clop ransomware strain, as numerous people reported via Twitter on Wednesday.
Steganography, hiding malicious code inside an image, is not new. But Cisco Talos threat researcher Asheer Malhotra says this technique of using malicious documents to point users to payloads in image files isn't very common. "The fact that this threat actor is now using this technique that they've never used before is interesting," Malhotra says. "This shows that the actors are constantly designing new infection techniques and evolving their capabilities with a focus on stealth."
ObliqueRAT is a Trojan that has been associated with campaigns targeting organizations in South Asia. The malware is equipped primarily to spy on users, including via the system webcam. It can take screenshots, steal files, and give attackers the ability to deliver malicious content and execute arbitrary commands on compromised systems. Proofpoint, Kaspersky, and others that also have been tracking the group say Transparent Tribe is a highly active APT that has been operational since at least 2013 and mai
"The primary goal is to be able to recover from offensive actions taken against the botnet," says Akamai researcher Evyatar Saias. The operators want to ensure that if domains are seized or IP addresses are null routed, they have an out-of-band method for communicating information that points infected systems to new C2 servers, he says. "They leverage the blockchain to do that because it is decentralized and won't be taken down," Saias says.
The cryptocurrency-mining botnet malware that Akamai observed using the new technique is associated with a campaign called Skidmap that targets Linux machines, which Trend Micro first reported in September 2019. The malware exploits publicly known remote code execution vulnerabilities in technologies such as Hadoop YARN and Elasticsearch.