Self-propagating malware poisons open source software and wipes Iran-based machines
Summary
A new hacking group called TeamPCP is waging a persistent campaign that spreads a new self-propagating backdoor, which also carries a data wiper aimed at machines in Iran. The group first drew attention last December for worm attacks against cloud platforms, with the goal of building proxy and scanning infrastructure to exfiltrate data, deploy ransomware, and more. Recently, the group has widened its reach with continuously evolving malware, and last week, through a supply-chain attack, after gaining privileged GitHub access belonging to the creator of the Trivy vulnerability scanner, nearly
A new hacking group has been rampaging across the Internet in a persistent campaign that spreads a self-propagating, never-before-seen backdoor—and, curiously, a data wiper that targets Iranian machines.
The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren’t properly secured. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and integration of well-known attack techniques.
Relentless and constantly evolving
More recently, TeamPCP has waged a relentless campaign that uses continuously evolving malware to bring ever more systems under its control. Late last week, it compromised virtually all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the Trivy creator.