Ukraine subjected to PurpleFox malware attacks

February 2, 2024

More than 2,000 computers across Ukraine were noted by the country's Computer Emergency Response Team to have been compromised as part of a widespread attack campaign with the modular Windows botnet payload PurpleFox, also known as DirtyMoe, which could be leveraged to facilitate further payload deployment and distributed denial-of-service intrusions, BleepingComputer reports. Most of the 486 intermediate control server IP addresses detected in PurpleFox-infected computers from Jan. 20 to 31 originated from China, according to CERT-UA, which did not provide more details regarding the extent of the attack campaign, which is being tracked under UAC-0027. However, organizations have been given several recommendations on determining potential PurpleFox compromise, including evaluating network connections to "high" ports and verifying the payload's persistent execution. Meanwhile, those with confirmed infections were advised to remove all impacted modules using the free antivirus system of Avast, as well as activate the Windows firewall and block certain port traffic to prevent repeat compromise.

SC Staff

United States Department of the Treasury seal

Identity

BeyondTrust breach hits US Treasury Department

SC StaffDecember 31, 2024

The U.S. Treasury Department was confirmed to have its computers and documents compromised by Chinese state-backed advanced persistent threat hackers in an attack targeted at its BeyondTrust Remote Support software-as-a-service instance just over a week after the BeyondTrust breach was initially reported, reports BleepingComputer.

China Flag Made of Binary Code and Chinese Symbols on Red Backgr

Critical Infrastructure Security

Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise

SC StaffDecember 30, 2024

Nine U.S. telecommunications firms were confirmed by U.S. officials to have been compromised by Chinese state-backed threat group Salt Typhoon as part of its sweeping cyberespionage operation, with the newly-added unnamed entity's networks breached to facilitate geolocating activities for millions of individuals, Reuters reports.

Russia flag is depicted on the screen with the program code. The concept of modern technology and site development.

Critical Infrastructure Security

Italian websites subjected to pro-Russian DDoS attack campaign

SC StaffDecember 30, 2024

Security Affairs reports that numerous Italian websites — including those of the country's Ministry of Foreign Affairs, the Turin Transport Group, and the Linate and Malpensa airports — have been compromised as part of a distributed denial-of-service attack by pro-Russian hacktivist operation NoName057, which noted the intrusions to have been launched in retaliation of "Italian Russophobes."

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Ukraine subjected to PurpleFox malware attacks

Related

BeyondTrust breach hits US Treasury Department

Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise

Italian websites subjected to pro-Russian DDoS attack campaign

Related Events

Healthcare Cybersecurity: Protecting Lives in a Digital Age

Supercharging your threat intelligence with the tools you already have

Building an effective cybersecurity metrics program

Get daily email updates