Uncovering the Unknown: TA866, a Financially Motivated Threat Actor Targeting Companies with Bespoke Malware

A previously unknown threat actor, dubbed TA866, has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group is likely financially motivated. The campaigns have been ongoing since October 3, 2022 and… 

Emerging Cybercrime Group Targeting Businesses with Ransomware

Cybersecurity researchers have detailed the tactics of a “rising” cybercriminal gang called “Read The Manual” (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. The group started off in 2015 as a banking malware targeting businesses in Russia via drive-by downloads, spam, and phishing emails.… 

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

Mar 30, 2023 saw the uncovering of a custom Windows and Linux backdoor called KEYPLUG, attributed to the Chinese state-sponsored threat activity group RedGolf. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Mandiant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.…

Nexus Android banking trojan targets 450 financial apps

An Android banking trojan named Nexus is being used by multiple threat actors to target 450 financial applications, cybersecurity firm Cleafy has warned. The malware appears to still be in its early stages of development, but it offers several features to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credentials…