At a glance.
- Google targets CryptBot malware infrastructure.
- FIN7 used CVE-2023-27532 to attack Veeam servers and steal credentials.
- Ransomware-as-a-service offering threatens Linux systems.
- Chinese APT group Evasive Panda targets NGOs in China.
- Anonymous Sudan is active against targets in Israel.
- Russian ransomware operations aim at disrupting supply chains into Ukraine.
- KillNet declares itself a Russian “Private Military Hacker Company.”
- Prosecutors ask that accused Discord Papers leaker remain in custody.
- Bots want new kicks.
Google targets CryptBot malware infrastructure.
Google blogged yesterday explaining the steps it is taking to disrupt the CryptBot malware gang’s infrastructure after securing a court order against the malware’s operators. The tech giant has filed litigation against the CryptBot distributors, who it believes operate out of Pakistan and run what it calls a “worldwide criminal enterprise.” The legal complaint Google filed is based on multiple claims, which include “computer fraud and abuse and trademark infringement.” The company has been granted a temporary restraining order, Bleeping Computer reports, that allows it to take down domains linked to the malware, both now and in the future. Google says that this will hinder CryptBot’s growth and decelerate the infection rate (which Google estimated at about 670,000 last year). “Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny.” For more on Google's action against CryptBot, see CyberWire Pro.