Cyber attacks / Cyber Ops / Cyber operations

A cyber attack is an attempt to steal data or cause harm to a computer, network or device. Attackers use different methods to break into computer systems, and their motivations vary, including personal, criminal and political ones.
Collection · 13 items
11 months ago
Firmware Overwrite: The New Trend in Router Fashion
The Chalubo RAT malware campaign targeted specific models of Actiontec and Sagemcom routers, primarily affecting Windstream’s network. The malware used brute-force attacks to gain access, executed payloads in memory to avoid detection, and communicated with C2 servers using encrypted channels. The attack led to a significant outage, requiring the replacement of over 600,000 routers, highlighting the need for robust security measures and regular updates to prevent such incidents. 📌Windstream: The...
11 months ago
Detection of Energy Consumption Cyber Attacks on Smart Devices
In a world where smart devices are supposed to make our lives easier, “Detection of Energy Consumption Cyber Attacks on Smart Devices” dives into the thrilling saga of how these gadgets can be turned against us. Imagine your smart fridge plotting to drain your energy bill while you sleep, or your thermostat conspiring with your toaster to launch a cyberattack. This paper heroically proposes a lightweight detection framework to save us from these nefarious appliances by analyzing their energy consumption patterns...
1 year ago
Living Off the Land (LOTL)
So, here we have a riveting tale from the NSA, spinning a yarn about the dark arts of Living Off the Land (LOTL) intrusions. It’s like a bedtime story for cyber security folks, but instead of dragons, we have cyber threat actors wielding the mighty power of… legitimate tools? Yep, you heard it right. These digital ninjas are sneaking around using the very tools we rely on daily, turning our digital sanctuaries into their playgrounds. The document, in its infinite wisdom, distills the essence of the NSA’s advisory into bite-sized, actionable insights...
1 year ago
LockBit publishes confidential data stolen from Cannes hospital in France
📌LockBit is the most dangerous ransomware in the world and has been responsible for a significant number of attacks in France between April 2022 and March 2023. 📌LockBit accounted for 57% of known attacks in France during this period, which is significantly higher than its nearest competitor, ALPHV. 📌The number of monthly attacks in France has been highly volatile, with LockBit being responsible for the majority of this volatility. 📌The French economy is large enough to provide a fertile hunting...
1 year ago
Botnet targets decade-old flaw in unpatched D-Link devices
A botnet named “Goldoon” has been targeting a decade-old vulnerability in unpatched D-Link devices. 📌Vulnerability Exploited: Goldoon exploits CVE-2015-2051, a critical security flaw with a CVSS score of 9.8, affecting D-Link DIR-645 routers. This vulnerability allows remote attackers to execute arbitrary commands via specially crafted HTTP requests. 📌Botnet Activities: Once a device is compromised, attackers gain complete control, enabling them to extract system information, establish communication...
1 year ago
Abusing WSUS with MITM to perform ADCS ESC8 attack
This article serves as a technical guide on how a combination of network sniffing, MITM attacks, and exploitation of ADCS can lead to significant security breaches, emphasizing the need for robust security measures in network configurations and certificate handling processes. 📌WSUS Configuration and Vulnerability: The article details how a Windows Server Update Services (WSUS) server, configured to work over HTTP, can be exploited. The WSUS server’s protocol configuration is accessible by querying a specific registry key...