Linux Symbiote, Black Basta hearts Qbot, China hacking telecoms, and more.

Source:
https://www.spreaker.com/user/infosec_overnights/6-9-22-io-01

A daily look at the relevant information security news from overnight – 09 June, 2022

Episode 241 – 09 June 2022

Linux Symbiote- https://www.zdnet.com/article/this-new-linux-malware-is-almost-impossible-to-detect/

Black Basta hearts Qbot –
https://threatpost.com/black-basta-ransomware-qbot/179909/

Emotet gets Chromed- https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/

Cuba upgrade –
https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-extorting-victims-with-updated-encryptor/

China hacking telecoms –
https://www.securityweek.com/us-details-chinese-attacks-against-telecoms-providers

Hi, I’m Paul Torgersen. It’s Thursday June 9th, 2022, and from Chicago, this is a look at the information security news from overnight.

From ZDNet.com
A joint research effort has discovered a new form of Linux malware they’ve called Symbiote that is almost impossible to detect. Instead of attempting to compromise running processes, Symbiote instead acts as a shared object library that is loaded on all running processes via LD_PRELOAD. It appears to have been developed to target financial institutions in Latin America, although that is not definitive. Details and a link to the research blog post in the article.

From ThreatPost.com:
Here’s a mashup I never wanted to hear: Black Basta is now leveraging the Qbot network to spread its ransomware and move laterally through the infected networks. You can link to the NCC Group research for all the nasty details in the article.

From BleepingComputer.com:
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. In an odd twist, once card details are collected they were exfiltrated to a different C2 server than the module loader. Details in the article.

Also from BleepingComputer.com:
The Cuba ransomware group has returned to regular operations with a new and improved version of its malware. Cuba ransomware’s activity reached a peak last year when it partnered with the Hancitor malware gang for initial access, breaching 49 US organizations. This year has seen much lower activity from them, but that appears to be changing with the upgrade to the malware.

And last today, from SecurityWeek.com
The NSA, CISA and FBI have issued a joint cybersecurity advisory warning of China-linked threat actors compromising telecom companies and network services providers. The advisory details some of the techniques and tactics the APTs use, as well as specify many of the vulnerabilities they have been targeting. See the article for details and a link to that advisory.

That’s all for me today. Have a great rest of your day. Like and subscribe. Tell a friend. And until tomorrow, be safe out there.