At a glance.
- New loader identified in wiper campaigns.
- Verizon's 2022 Data Breach Investigation Report shows a sharp rise in ransomware.
- Killnet crows large over Italian operations.
- Conti's dissolution doesn't mean its operators' disappearance.
- Origins of the Chaos ransomware operation.
- GuLoader campaign uses bogus purchase orders as phishbait.
- Security researchers targeted in malware campaign.
- Politically motivated DDoS attack on Port of London Authority website.
- Is REvil back and looking into new criminal techniques, or is a recent DDoS campaign the work of impostors?
- RansomHouse may be operated by frustrated bounty hunters.
- "Pantsdown" in QCT Baseboard Management Controllers.
- Warning on ChromeLoader.
- Ransomware at SpiceJet.
- BlackCat wants $5 million from Carinthia.
- Pro-Russian DDoS attacks.

New loader identified in wiper campaigns.

The GRU's Sandworm group, ESET reports, has deployed a new version of its ArguePatch loader. ArguePatch had seen previous use in both Industroyer and CaddyWiper attacks against Ukrainian targets. "The new variant of ArguePatch – named so by the Computer Emergency Response Team of Ukraine (CERT-UA) and detected by ESET products as Win32/Agent.AEGY – now includes a feature to execute the next stage of an attack at a specified time. This bypasses the need for setting up a scheduled task in Windows and is likely intended to help the attackers stay under the radar."