Stats: 3,151,595 members, 7,812,952 topics. Date: Monday, 29 April 2024 at 11:25 PM

Maguire004's Posts


European Football (EPL, UEFA, La Liga) / Re: Brighton Vs Manchester United (4 - 0) On 7th May 2022 by Maguire004: 4:25pm On May 07, 2022
Check out my signature to learn hacking


✅✅✅✅
Celebrities / Re: Tara Jayne Australia's Plastic Surgery Queen New Look - Photos by Maguire004: 1:49pm On May 07, 2022
Check out my signature to learn hacking


✅✅
Science/Technology / Re: Taiwanese Financial Trading Sector Suffers Cyber Attack By Chinese Hackers by Maguire004: 1:47pm On May 07, 2022
Science/Technology / Taiwanese Financial Trading Sector Suffers Cyber Attack By Chinese Hackers by Maguire004: 1:46pm On May 07, 2022
Hackers aligned with objectives of the Chinese government have been linked to an organized supply chain attack on Taiwan’s financial sector.

These attacks first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as Stone Panda, the MenuPass group and Bronze Riverside, and known to be active since at least 2009.

As published by CyCraft, the second wave of attacks hit a peak between February 10 and 13, 2022, as the wide-ranging supply chain compromise specifically targeted the software systems of financial institutions, resulting in “abnormal cases of placing orders.”

This infiltration activity has been codenamed “Operation Cache Panda,” and is said to exploit a vulnerability in the web management interface of the unnamed securities software that has a market share of over 80% in Taiwan, using it to deploy a web shell that acts as a conduit for implanting the Quasar RAT on the compromised system with the goal of stealing sensitive information.



Quasar RAT is a publicly available open-source remote access trojan (RAT) written in .NET, possessing features such as capturing screenshots, recording webcam, editing registry, keylogging, and stealing passwords. In addition, the attacks leveraged a Chinese cloud file sharing service called wenshushu.cn to download auxiliary tools.

The disclosure comes as Taiwan’s Parliament, the Executive Yuan, unveiled draft amendments to national security laws aimed at combating Chinese economic and industrial espionage efforts. To that end, unapproved use of critical national technologies and trade secrets outside of the country could carry up to a 12-year prison sentence.

Furthermore, individuals and organizations that have been entrusted or subsidized by the Taiwanese government to conduct operations involving critical national technologies are expected to secure prior government approval for any trips to China, failing which could incur monetary fines of up to NT$10 million (~US$359,000).

These attacks come to light as the Taiwanese parliament unveiled draft amendments to national security laws aimed at combating Chinese economic and industrial espionage efforts. With this, unapproved use of critical national technologies and trade secrets outside of the country could carry up to a 12-year prison sentence.

Also, individuals and organizations that have been entrusted or subsidized by the Taiwanese government to conduct operations involving critical national technologies are expected to secure prior government approval for any trips to China, failing which could incur monetary fines of up to NT$10 million (USD$359,000).


Source: https://slytech.org/2022/02/22/taiwanese-financial-trading-sector-suffers-cyber-attack-by-chinese-hackers/

Computers / Re: Keep An Eye Out! Dockers, AWS, And Alibaba Cloud Are Being Targeted By Cryptocur by Maguire004: 1:38pm On May 07, 2022
J
Computers / Keep An Eye Out! Dockers, AWS, And Alibaba Cloud Are Being Targeted By Cryptocur by Maguire004: 1:33pm On May 07, 2022
As part of an ongoing malware effort, LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux servers.

In a new study, CrowdStrike stated, “It operates an anonymous mining operation by using proxy pools, which disguise the wallet addresses.” “It avoids detection by targeting and disabling Alibaba Cloud’s monitoring service.”

LemonDuck is a malware that targets both Windows and Linux systems and is designed to mine Monero by exploiting system resources. However, it is also capable of credential theft, lateral movement, and the deployment of additional payloads for follow-on operations.

“It uses a wide range of spreading mechanisms — phishing emails, exploits, USB devices, and brute force, among others — and it has demonstrated that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns,” Microsoft wrote in a technical write-up of the malware last July.

LemonDuck-based attack chains exploited recently patched Exchange Server vulnerabilities in early 2021 to obtain access to obsolete Windows workstations and download backdoors and information stealers, including Ramnit.

CrowdStrike has discovered a new campaign that uses accessible Docker APIs as an initial access vector to run a rogue container to retrieve a Bash shell script file disguised as an innocuous PNG image file from a remote server.

According to the cybersecurity firm, similar image file droppers stored on LemonDuck-associated domains have been used by the threat actor since at least January 2021, according to historical data.

The shell script that downloads the actual payload, terminates competing processes, disables Alibaba Cloud’s monitoring services, and finally downloads and starts the XMRig coin miner, is crucial to starting the attack.

The findings highlight the need for securing containers from possible dangers throughout the software supply chain, since hacked cloud instances have become a hub for illicit bitcoin mining activities.



TeamTNT targets AWS, Alibaba Cloud
The news comes after Cisco Talos revealed the toolset of a cybercrime outfit known as TeamTNT, which has a history of cryptojacking and backdooring cloud infrastructure.

“Cybercriminals who have been exposed by security researchers must update their tools in order to continue to operate successfully,” stated Darin Smith of Talos.

“TeamTNT’s tools show that cybercriminals are becoming more comfortable attacking modern settings like Docker, Kubernetes, and public cloud providers, which have previously been shunned by other cybercriminals who have focused on on-premise or mobile environments.”

Spring4Shell exploited for cryptocurrency mining
That’s not all, though. The serious remote code execution problem in Spring Framework (CVE-2022-22965) has been weaponized to deploy cryptocurrency miners, in yet another example of how threat actors quickly co-opt recently revealed flaws into their attacks.

To deploy the cryptocurrency miners, the exploitation efforts employ a bespoke web shell, but not before turning off the firewall and terminating other virtual currency miner processes.

“These cryptocurrency miners have the potential to affect a large number of users,” said Trend Micro researchers Nitesh Surana and Ashish Verma. “Especially since Spring is the most widely used framework for developing enterprise-level applications in Java, these cryptocurrency miners have the potential to affect a large number of users.”

Source: https://slytech.org/2022/04/22/keep-an-eye-out-dockers-aws-and-alibaba-cloud-are-being-targeted-by-cryptocurrency-miners/

Jobs/Vacancies / Re: Should I Accept This Job Offer? by Maguire004: 12:52pm On May 07, 2022
Ok
Celebrities / Re: Yul Edochie To Critics: I Will Sort Out Issues In My Family Amicably by Maguire004: 8:38am On May 01, 2022
Check out my signature to learn hacking



✅✅✅

1 Like

Politics / Re: Joe Igbokwe: IPOB A Branch Of PDP Behind Insecurity In South East by Maguire004: 8:35am On May 01, 2022
J
Crime / Re: EFCC Declares 59 Wanted Over ₦435 Billion, $397 Million, €9.9Million Frauds by Maguire004: 8:33am On May 01, 2022
Check out my signature to learn hacking


✅✅✅

1 Like 1 Share

Politics / Re: Debts: Borrowing Will Land Nigeria Into State Of Bankruptcy – Pastor Adeboye by Maguire004: 8:31am On May 01, 2022
Check out my signature to learn hacking



✅✅✅✅
Celebrities / Re: Yul Edochie & 2nd Wife Judy Dedicate Their Son To God In Church (pic) by Maguire004: 9:26am On Apr 30, 2022
Check out my signature to learn hacking



✅✅✅
Politics / Re: Uche Ogah Declares To Join Abia Governorship Race (Video) by Maguire004: 6:46am On Apr 30, 2022
To learn hacking check out my signature



✅✅✅✅
Health / Re: LASAMBUS Officials Rescue & Deliver Stranded Pregnant Woman In Labour by Maguire004: 6:37am On Apr 30, 2022
To learn hacking check out my signature



✅✅✅✅
Politics / Re: Oshiomhole 2023 - Oshiomhole Dismisses Rumours Of Presidential Declaration by Maguire004: 6:36am On Apr 30, 2022
Check out my signature to learn hacking


✅✅✅
Politics / Re: Oshiomhole 2023 - Oshiomhole Dismisses Rumours Of Presidential Declaration by Maguire004: 6:35am On Apr 30, 2022
F
Politics / Re: Screening: PDP Elite Forum Worries Over Using Private Hotel Of Guber Aspirant As by Maguire004: 3:46pm On Apr 29, 2022
Check out my signature to learn hacking




✅✅✅✅
Romance / Re: How I Banged My New Neighbor Over Night Under My Mother’s Roof by Maguire004: 3:46pm On Apr 29, 2022
Check out my signature to learn hacking




✅✅✅✅
Romance / Re: My Boss Sacked Me Because Of This Nonsense by Maguire004: 3:43pm On Apr 29, 2022
Check out my signature to learn hacking




✅✅✅✅
Celebrities / Re: Iyabo Ojo: It’s Very Hard To Find A Faithful Actor In Nollywood (Video) by Maguire004: 3:33pm On Apr 29, 2022
Check out my signature to learn hacking




✅✅✅

1 Like

Politics / Re: Manifesto Unveiling: Oyebanji Expresses Appreciation To APC Leaders, Ekiti by Maguire004: 3:31pm On Apr 29, 2022
To learn hacking check out my signature

✅✅
Career / Re: How Do You Cope When A Colleague Or Senior Is Not Up To Their Job by Maguire004: 3:30pm On Apr 29, 2022
Check out my signature to learn hacking




✅✅✅✅
Crime / Re: Police Arrest Suspected Armed Robbers In Shibiri Area Of Lagos by Maguire004: 3:29pm On Apr 29, 2022
Check out my signature to learn hacking



✅✅✅
Politics / Re: Lagos Traders Protest ₦600 Million Loss To Ponzi Scheme Matthew Agbaje by Maguire004: 9:01am On Apr 25, 2022
To learn hacking check out my signature



✅✅
Politics / Re: Imo: Ugonna Ozurigbo Dumps APC For PDP, Seeks Second Term by Maguire004: 8:59am On Apr 25, 2022
To learn hacking check out my signature



✅✅✅


Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved.
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.