ShroudedSnooper has targeted Middle East-based telecom firms using two stealthy backdoors, HTTPSnoop and PipeSnoop, which employ advanced anti-detection techniques and can give cyberattackers persistent access to networks.
The configuration of the latest XWorm variant reveals key details such as the host, port, AES key, and Telegram information, providing insights into the malware’s operations.
The attack chain involves the use of LNK files and Dropbox to retrieve a second-stage payload, an MSI installer, that drops a Rust backdoor implant and other files on compromised systems.
A Chinese-speaking threat actor known for skimming credit card numbers off e-commerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well.
Bruno Kahl, the head of Germany’s foreign intelligence service, warned that liquefied natural gas (LNG) terminals in the country could be targeted by state-sponsored hackers.
Cloud security firm Wiz discovered the privacy snafu when it found the GitHub repository “robust-models-transfer,” which belonged to Microsoft’s AI research division, leaking sensitive internal information.
An April ransomware attack against one of Australia’s largest law firms swept up the data of 65 Australian government agencies, the country’s newly appointed national cybersecurity coordinator said Monday.
The attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi) trading applications to defraud their victims, with one individual losing $22,000 in a single week.
“All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also exist in Hook. The code implementation for these commands is nearly identical,” NCC Group security researchers said.
According to a report by Elliptic, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including Atomic Wallet ($100M), CoinsPaid ($37.3M), Alphapo ($60M), and Stake.com ($41M).