Malware

Organizations across Europe are having their Windows systems compromised with the BRICKSTORM backdoor linked to Chinese state-backed threat operation UNC5221 as part of a cyberespionage campaign that commenced three years ago, Infosecurity Magazine reports.

Novel BPFDoor backdoor component facilitates covert attacks Attacks involving a novel controller linked to the BPFDoor malware have been launched by the Earth Bluecrow threat operation, also known as Red Menshen, DecisiveArchitect, and Red Dev 18, against the Linux systems of telecommunications, finance, and retail organizations in Hong Kong, South Korea, Malaysia, Mynanmar, and Egypt last year, according to The Hacker News.

More threat actors have been leveraging the widely used open-source cross-platform runtime environment Node.js to covertly deploy malware and other malicious payloads since October, SecurityWeek reports.

The lesserknown ransomware group uses fake updaters on compromised sites to lure victims.

Hackread reports that widely used online file conversion tool PDFCandy.com has been spoofed to spread the ArechClient2 information-stealing malware.

Attacks involving trojanized coding challenges have been launched by North Korean state-sponsored hacking operation Slow Pisces, also known as TraderTraitor, JadeSleet, and Pukchong, to compromise cryptocurrency project developers with the new RN Loader and RN Stealer payloads since last year, according to Infosecurity Magazine.

BleepingComputer reports that Russian state-backed threat group Midnight Blizzard, also known as APT29 or Cozy Bear, has targeted embassies and other diplomatic organizations across Europe with the novel GrapeLoader malware loader and updated WineLoader backdoor variant as part of a spear-phishing campaign that began in January.

WatchGuard Technologies latest Internet Security Report reveals a sharp rise in network-based malware detections, surging 94% in the final quarter of 2024, signaling increasingly aggressive and evasive cyber threats, Beta News reports.