Latest Backdoor news

Hackers update Cisco IOS XE backdoor to hide infected devices

The number of Cisco IOS XE devices detected with a malicious backdoor implant has plummeted from over 50,000 impacted devices to only a few hundred after the attackers updated the backdoor to hide infected systems from scans.
- Lawrence Abrams
- October 22, 2023
- 01:37 PM
- 2
Russian Sandworm hackers breached 11 Ukrainian telcos since May

The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023.
- Bill Toulas
- October 16, 2023
- 02:06 PM
- 0
Women Political Leaders Summit targeted in RomCom malware phishing

A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.
- Bill Toulas
- October 15, 2023
- 10:16 AM
- 0
ToddyCat hackers use 'disposable' malware to target Asian telecoms

A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection.
- Bill Toulas
- October 12, 2023
- 10:09 AM
- 0
New WordPress backdoor creates rogue admin to hijack websites

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity.
- Bill Toulas
- October 11, 2023
- 05:23 PM
- 8
US and Japan warn of Chinese hackers backdooring Cisco routers

A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
- Bill Toulas
- September 27, 2023
- 11:51 AM
- 0
New AtlasCross hackers use American Red Cross as phishing lure

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.
- Bill Toulas
- September 26, 2023
- 11:35 AM
- 0
New stealthy and modular Deadglyph malware used in govt attacks

A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East.
- Bill Toulas
- September 23, 2023
- 05:00 PM
- 0
Hackers backdoor telecom providers with new HTTPSnoop malware

New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices.
- Bill Toulas
- September 19, 2023
- 11:14 AM
- 0
Iranian hackers backdoor 34 orgs with new Sponsor malware

A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe.
- Bill Toulas
- September 11, 2023
- 12:19 PM
- 0
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign

A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519.
- Ionut Ilascu
- August 15, 2023
- 03:41 PM
- 1
CISA: New Whirlpool backdoor used in Barracuda ESG hacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.
- Bill Toulas
- August 10, 2023
- 12:06 PM
- 3
Fake VMware vConnector package on PyPI targets IT pros

A malicious package that mimics the VMware vSphere connector module 'vConnector' was uploaded on the Python Package Index (PyPI) under the name 'VMConnect,' targeting IT professionals.
- Bill Toulas
- August 04, 2023
- 07:37 AM
- 0
CISA: New Submarine malware found on hacked Barracuda ESG appliances

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug.
- Sergiu Gatlan
- July 28, 2023
- 05:27 PM
- 0
FIN8 deploys ALPHV ransomware using Sardonic malware variant

A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version.
- Sergiu Gatlan
- July 18, 2023
- 09:15 AM
- 0
RomCom hackers target NATO Summit attendees in phishing attacks

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania.
- Bill Toulas
- July 10, 2023
- 04:44 PM
- 0
Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version

Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.
- Sergiu Gatlan
- June 22, 2023
- 01:33 PM
- 3
Chinese APT15 hackers resurface with new Graphican malware

The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023.
- Bill Toulas
- June 21, 2023
- 06:00 AM
- 0
New RDStealer malware steals from drives shared over Remote Desktop

A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared through Remote Desktop connections.
- Bill Toulas
- June 20, 2023
- 09:00 AM
- 0
Russian hackers use PowerShell USB malware to drop backdoors

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics.
- Bill Toulas
- June 15, 2023
- 06:00 AM
- 0