The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G... read more
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 8 cores and 16 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED s... read more
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more
Cybersecurity experts discovered clues connecting cybersecurity attacks to Thanos ransomware, which is used by Iranian state-sponsored hackers. Researchers from ClearSky and Profero investigated significant Israel organizations and found cyberattacks linked to an Iranian state-sponsored hacking group named “Muddywater.” Experts noticed repetitive patterns with two tactics in these attacks.
Firstly, it uses infected PDF and Excel files to attach malware from the hackers’ servers if they download and install them. Secondly, Muddywater mines the internet in search of unpatched MS Exchange email servers. It exploits the vulnerability “CVE-2020-0688” and deploys the servers with web shells, and again attaches the similar malware after downloading and installing the files. However, according to ClearSky, the second malware is not your everyday malware that is common but rather a unique malware with activities that have been noticed only once before. The Powershell threat is called “Powgoop” and was discovered last month by the experts.
Palo Alto Network says that Thanos malware was installed using Powgoop. Besides this, Hakbit or Thanos malware has used other malware strains to install the ransomware called “GuLoader,” which is coded in Visual Basic 6.0, different from other malware strains. “On July 6 and July 9, 2020, we observed files associated with an attack on two state-run organizations in the Middle East and North Africa that ultimately installed and ran a variant of the Thanos ransomware. The Thanos variant created a text file that displayed a ransom message requesting the victim transfer “20,000$” into a specified Bitcoin wallet to restore the files on the system,” says the Palo Alto report.
According to ClearSky, they stopped these attacks before hackers could cause any damage; however, keeping in mind the earlier episodes, the company is now on an alarm. As per experts at ClearSky, they believe that Muddywater uses Thanos ransomware to hide its attacks and infiltrations. They say, “We assess that the group is attempting to employ destructive attacks via a disguised as ransomware attacks. Although we didn’t see the execution of the destruction in the wild, due to the presence of the destructive capabilities, the attribution to nation-state sponsored threat actor.”
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.