Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

North Korea has hacked USD 1.7B of crypto and views the loot as a ‘long-term investment’. Experts say that Pyongyang is going long on its take of tokens, rather than quickly trading them for cash.

North Korea’s crypto exchange attacks

According to Newsis and Chosun, the US federal government prosecutor issued statements saying that North Korean hackers have been “conspiring with other money-laundering criminals” to “steal crypto-assets” from at least “three digital asset exchanges” before “laundering the proceeds.”

Read more | >

Computer maintenance workers at Kyoto University have announced that due to an apparent bug in software used to back up research data, researchers using the University’s Hewlett-Packard Cray computing system, called Lustre, have lost approximately 77 terabytes of data. The team at the University’s Institute for Information Management and Communication posted a Failure Information page detailing what is known so far about the data loss.

The team, with the University’s Information Department Information Infrastructure Division, Supercomputing, reported that files in the /LARGEO (on the DataDirect ExaScaler storage system) were lost during a system backup procedure. Some in the press have suggested that the problem arose from a faulty script that was supposed to delete only old, unneeded log files. The team noted that it was originally thought that approximately 100TB of files had been lost, but that number has since been pared down to 77TB. They note also that the failure occurred on December 16 between the hours of 5:50 and 7pm. Affected users were immediately notified via emails. The team further notes that approximately 34 million files were lost and that the files lost belonged to 14 known research groups. The team did not release information related to the names of the research groups or what sort of research they were conducting. They did note data from another four groups appears to be restorable.

Read more | >

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems.

That’s according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads.

“This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by [antivirus] engines, with the final stage leading to Purple Fox rootkit infection,” researcher Natalie Zargarov said.

Read more | >

Automating repetitive tasks with loops and functions.

Many R users get into R programming from a statistics background rather than a programming/software engineering background, having previously used software such as SPSS, Excel etc. As such they may not have an understanding of some of the programming techniques that can be leveraged to improve code. This can include making the code more modular which in turn makes it easier to find and resolve bugs, but also can be used to automate repetitive tasks, such as producing tables and plots etc.

This short post in c ludes some of the basic programming techniques that can be used to improve the quality and maintainability of R scripts. This will also save you a whole lot of time if you are carrying out repetitive tasks that are only marginally different. We assume that you have a basic understanding of writing simple scripts in R.

Let’s start with a simple example. Let’s say we have some data from several different groups. In this case 3 animals (tigers, swans and badgers) and we have collected some data on relating to this (a score and value of some kind).

Read more | >

An almost perfect way to stealthily store malware.

Korean researchers have detected a vulnerability in SSDs that allows malware to plant itself directly in an SSD’s empty over-provisioning partition. As reported by BleepingComputer, this allows the malware to be nearly invincible to security countermeasures.

Over-provisioning is a feature included in all modern SSDs that improves the lifespan and performance of the SSD’s built-in NAND storage. Over-provisioning in essentially just empty storage space. But, it gives the SSD a chance to ensure that data is evenly distributed between all the NAND cells by shuffling data to the over-provisioning pool when needed.

While this space is supposed to be inaccessible by the operating system — and thus anti-virus tools — this new malware can infiltrate it and use it as a base of operations.

Read more | >

OpenCTI-An Open Source Cyber Threat Intelligence Platform. OpenCTI allowing organizations to manage their Cybe Threat Intelligence observables.

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuralist of the data is performed using a knowledge schema based on the STIX2 standards. It has been designed as a modern web application including a GraphQL API and an UX oriented frontend. Also, OpenCTI can be integrated with other resources and applications such as MISP, TheHive, MITRE ATTACK, etc.

The goal is to create a comprehensive software allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimlogy etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence etc.

Read more | >

If anything, the development is yet another indication of the threat actor’s capacity to continually “innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts,” while also highlighting the “effectiveness of leveraging third parties and trusted vendor relationships to carry out nefarious operations.”

Microsoft had previously dubbed Nobelium as “skillful and methodic operators who follow operations security (OpSec) best practices.”

Ever since the SolarWinds incident came to light, the APT group has been connected to a string of attacks aimed at think tanks, businesses, and government entities around the globe, even as an ever-expanding malware toolbox has been put to use with the goal of establishing a foothold in the attacked system and downloading other malicious components.

Read more | >

Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables.

One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate.

The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.

Read more | >