
DarkGate Using its New Variant MSI to Harm Your System


In the last month, the Netskope Threat Labs team observed a sharp increase in malware being distributed through SharePoint. The cause was a set of attackers abusing Microsoft Teams and SharePoint to trick people into downloading a malware family called DarkGate. DarkGate was first seen in 2018 and has been used in many recent attacks.

Attackers favour DarkGate because it can do a great deal of harm: taking control of a computer, logging keystrokes, stealing information, and downloading further malware. It can also serve as the first stage of larger attacks, such as ransomware that encrypts files and demands payment to unlock them.

Recently, Netskope found a new DarkGate variant being distributed as an MSI installer package, loaded with a technique similar to the one used for Cobalt Strike Beacon.

Let's take a closer look at how the MSI variant infects a system.

The infection chain begins with a deceptive email posing as an invoice. The email carries a PDF which, when opened, shows a template resembling a DocuSign document, designed to convince the user that they need to review a file. Clicking the document triggers execution of an MSI file. That sets off a series of steps that load the various components, all of which are packed in a CAB archive stored inside the MSI.
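The nesting described above (a CAB archive carried inside an MSI package, which is itself an OLE compound document) is something a defender can check for mechanically when triaging a suspicious installer. The Python below is an added example, not code from Netskope or from the original post; the plausibility checks, the constructed sample package and the `triage` helper are my own assumptions for illustration, and only the two file signatures and the CAB header layout are taken from the public format definitions. It flags whether a blob is an OLE container and parses any cabinet headers found inside it, rejecting stray `MSCF` strings that are not real cabinets.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed, constructed example (not Netskope's tooling): triage helper that checks
# whether a file is an OLE compound document (the container MSI packages use) and
# locates Microsoft Cabinet (CAB) headers embedded anywhere inside it.

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file signature
CAB_MAGIC = b"MSCF"                              # CFHEADER signature
CAB_HEADER_LEN = 36                              # fixed part of CFHEADER
# Fields after the signature: reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
CAB_FMT = "<4xI4xI4xBBHHHHH"


@dataclass
class CabHeader:
    offset: int         # where the cabinet begins inside the container
    cabinet_size: int   # cbCabinet as declared by the header
    files_offset: int   # coffFiles: first CFFILE entry, relative to the cabinet
    version: str
    folders: int
    files: int
    truncated: bool     # declared size runs past the end of the container


def is_ole_container(data: bytes) -> bool:
    """MSI packages are OLE compound documents, so this is the first gate."""
    return data[:8] == OLE_MAGIC


def parse_cab_header(data: bytes, off: int) -> Optional[CabHeader]:
    """Parse a CFHEADER at `off`; return None when the bytes cannot be a cabinet."""
    if data[off:off + 4] != CAB_MAGIC or len(data) - off < CAB_HEADER_LEN:
        return None
    (cb_cabinet, coff_files, v_minor, v_major, c_folders, c_files,
     _flags, _set_id, _i_cabinet) = struct.unpack_from(CAB_FMT, data, off + 4)
    # Plausibility checks that reject a stray "MSCF" string inside other data:
    # 1.3 is the only defined cabinet version, a cabinet with files needs at
    # least one folder, and the file table must sit inside the declared size.
    if (v_major, v_minor) != (1, 3) or c_folders == 0 or c_files == 0:
        return None
    if not CAB_HEADER_LEN <= coff_files < cb_cabinet:
        return None
    return CabHeader(off, cb_cabinet, coff_files, f"{v_major}.{v_minor}",
                     c_folders, c_files, truncated=off + cb_cabinet > len(data))


def find_embedded_cabs(data: bytes) -> List[CabHeader]:
    """Scan the whole blob: a CAB may live in an MSI stream or be appended to the file."""
    found, pos = [], data.find(CAB_MAGIC)
    while pos != -1:
        hdr = parse_cab_header(data, pos)
        if hdr:
            found.append(hdr)
        pos = data.find(CAB_MAGIC, pos + 1)
    return found


def triage(data: bytes) -> Dict[str, object]:
    """Summary a triage pipeline can log: container type plus embedded cabinet stats."""
    cabs = find_embedded_cabs(data)
    return {"is_ole": is_ole_container(data),
            "embedded_cabs": len(cabs),
            "embedded_files": sum(c.files for c in cabs),
            "cabs": cabs}


def build_sample_msi() -> bytes:
    """Constructed stand-in for a package: OLE header, filler with a decoy 'MSCF'
    string inside text, then one well-formed cabinet header declaring two files."""
    ole_header = OLE_MAGIC + b"\x00" * 504
    filler = b"Property\x00ProductName\x00MSCF is just text here\x00"  # decoy fails checks
    cab_size, files_off = 100, CAB_HEADER_LEN + 8   # one 8-byte CFFOLDER precedes CFFILE
    cab = struct.pack("<4s" + CAB_FMT[1:], CAB_MAGIC, cab_size, files_off,
                      3, 1, 1, 2, 0, 0x1234, 0)
    cab += b"\x00" * (cab_size - len(cab))           # folder/file entries elided
    return ole_header + filler + cab


if __name__ == "__main__":
    print(triage(build_sample_msi()))
```

On a real sample you would read the file bytes and pass them to `triage`; a result of `is_ole` true with one or more embedded cabinets is not proof of malice (legitimate installers embed CABs too), but it is the point at which the cabinet contents deserve extraction and inspection.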

Additionally, Trend Micro has noted that the DarkGate operators have attempted to distribute their malware through Microsoft Teams in organizations that allow messages from external users. Earlier, Truesec and Malwarebytes identified phishing campaigns in Teams that used malicious VBScript to deploy DarkGate.

Despite its age, DarkGate remains a prominent threat, exhibiting heightened activity in recent times. The DarkGate malware loader has witnessed a substantial surge in cybercriminal interest, becoming a favoured tool for gaining initial access to corporate networks. This uptick in usage garnered attention, especially after the successful disruption of the Qakbot botnet in August, underscoring the impact of international collaborative efforts. 

In the lead-up to the dismantling of the Qakbot botnet, an individual claiming to be DarkGate's developer sought to peddle subscriptions on a hacking forum, floating the possibility of an annual fee as high as $100,000. 

Various campaigns have employed diverse delivery and loading techniques, accompanied by the introduction of new malware functionalities. This demands vigilant efforts from the security community. Netskope Threat Labs is committed to monitoring the evolution of DarkGate malware and its Tactics, Techniques, and Procedures (TTPs).

MSI Cyberattack Prompts Firmware Caution

Modern corporations, gaming hardware manufacturers included, face constant attacks from malicious hackers and other digital no-goodniks. MSI has now confirmed to its customers that it was attacked.

MSI has acknowledged the incident without detailing the extent of the damage; the attackers, meanwhile, have threatened to release proprietary software and source code. The network of the Taiwanese computer manufacturer MSI (short for Micro-Star International) is reported to have been compromised in a cyberattack.

As reported earlier this week, a ransomware group known as Money Message has infiltrated MSI's systems. Unless the company pays the hackers a $4 million ransom, the stolen corporate data will be released online next week.

Customers are advised to obtain the latest BIOS and firmware updates only from the MSI website and from nowhere else.

As expected, few details are available, but it appears that MSI initiated "defense mechanisms and recovery measures" after detecting network anomalies, then notified law enforcement and the government.

Earlier this week, in a filing with the Taiwan Stock Exchange (TWSE) first spotted by PCMag, MSI disclosed that a cyberattack had hit some of its information service systems. The attack has been reported to the appropriate authorities.

The group is demanding a $4 million ransom to avert publication of the entire stolen data cache on the web. Although MSI does not give specifics, the company warns customers not to download BIOS/UEFI files or firmware from any source other than its own website. This suggests that tampered firmware is a live concern in the wild.

It was reported yesterday that the company had suffered a cyberattack. According to the report, the attacker, a ransomware group called Money Message, claims to have stolen source code, a BIOS development framework, and private keys.

Moreover, chat logs on the group's site showed it claiming to have stolen 1.5 TB of data, for which it demanded a ransom of over four million dollars. Whether these claims are connected, or whether MSI paid a ransom for these files, is unclear.

In a statement, MSI representatives said the company had returned to normal operations after restoring its systems, and that the attack had minimal impact on day-to-day business. If the company is telling the truth, customers who exercise the usual due diligence when downloading software, drivers, and updates should have little to worry about. According to rumours, this hack is unrelated to the fraudulent emails in February that purported to offer content creators lucrative sponsorship deals through MSI.

In addition, MSI advises its customers to use the official MSI website exclusively for BIOS and firmware updates rather than downloading from unreliable sources such as unknown websites or torrent sites. Searching the internet for modified or unofficial firmware dumps, even ones presented as perfectly safe, is pointless when the official site already provides the firmware.