Cyphort Labs has discovered an extensive data theft campaign that we have named Nighthunter. The campaign has been active since 2009 and is designed to steal login credentials of users. Posted on July 9, 2014 by McEnroe Navaraj
· Campaign is amassing login credentials of users. At this point it does not seem likely that they are targeting specific organization or industries. We have seen threat activity across several verticals including energy, education, insurance and even charities.
· Targeted applications include Google, Yahoo, Facebook, Dropbox and Skype.
· Intent of data collection is unknown but attackers have many options to leverage the credentials and the potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high.
New threat actor: Spanish-speaking attackers targeting government institutions, energy, oil & gas companies and other high-profile victims via cross-platform malware toolkit
Kaspersky Lab’s security research team announced the discovery of “The Mask” (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS (iPad/iPhone).
The primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists. Victim