Last week it was reported that Outlook app for Android, which is used by more…
In 2018, the Iranian pro-government group APT33 (or Elfin) adopted the vulnerability, mainly known for developing the Shamoon malware that was erasing data from hard drives. According to the information security company FireEye, in the attacks last December, the group introduced backdoors to web servers and used CVE-2017-11774 to infect the systems of victims of malware.
APT33 attacks coincided with reports about new versions of Shamoon. Although experts did not find a connection between these two events, according to Chronicle Security expert Brandon Levene, samples downloaded by the US Cyber Command on VirusTotal are related to the 2017 Shamoon attacks.
“Three of five malwares are tools for managing compromised web servers, and the other two are downloaders that use PowerShell to download the PUPY RAT Trojan for remote access”, – said Brandon Levene in an interview with ZDNet.
According to the expert, if the attacks with the exploitation of CVE-2017-11774 and these malicious data are linked, this explains how exactly APT33/Shamoon operators compromise objects of the attacks. Previously there was little information about the infection vectors.
In November last year, the US Cyber Command commenced a project in which it publishes on VirusTotal non-classified malware used in various APT groupings.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…