Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

US authorities exposed ongoing hacking campaigns in Russia, Ukraine, India and Malaysia

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,545
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
Criminals use SlothfulMedia malware to steal information, keylogging and modify files.





The US Department of Defense and the US Department of Homeland Security spoke about malware that is being used by an unnamed group to carry out cyber attacks. CyberScoop sources said the criminals are attacking organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.

The malware, dubbed SlothfulMedia by the military cyber command, is an information theft tool capable of keylogging and modifying files. Agencies have uploaded a sample of malware to a repository on VirusTotal.

The malware is being used in successful ongoing campaigns, but agencies have not disclosed which group is responsible for running them. The report also does not mention the specific goals of the criminals.

Cyber Command first began exposing government-backed hacking campaigns in 2018. Earlier, the agency reported on hacker operations by foreign governments, including operations from North Korea , Russia , Iran and China . Chinese government-affiliated hackers previously attacked Malaysian and Indian organizations, while Russian hackers carried out cyber-espionage operations against targets in Ukraine, Kazakhstan and Kyrgyzstan.

According to the departments, the malware downloads two files on the victim's device. One of them is a remote access Trojan that is capable of taking screenshots, modifying files on systems, killing processes, and running arbitrary commands. The Trojan, designated mediaplayer.exe, also appears to communicate with the attackers' C&C server using HTTP-over-TCP.

The second file has a random 5-digit name and removes the bootloader as soon as the RAT gets persistence on the system. Persistence is achieved by creating a service named Task Frame, which ensures that the RAT is loaded after a system reboot.
 

Trade

New member
Joined
Oct 6, 2020
Messages
1
Reaction score
0
Points
0
Awards
0
any more news about India?
 
Ad End 1 February 2024
Top