Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware

Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor. [TechWeb]( Follow Dark Reading: [RSS]( January 19, 2024 LATEST SECURITY NEWS & COMMENTARY [Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware]( Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor. [Threat Actors Team Up for Post-Holiday Phishing Email Surge]( Just like you and me, cyberattackers returned from winter break and immediately started sending thousands of emails. [Cybercrooks Target Docker Containers With Novel Pageview Generator]( Cyberattackers are exploiting Docker instances to drop the bot-tastic 9hits Web traffic generator and "earn" valuable credits that can be turned into cash. [With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too]( Insurers doubled premiums in late 2021 to offset losses from ransomware claims. With attacks rising again, organizations can anticipate a new round of increases. [Stealthy New macOS Backdoor Hides on Chinese Websites]( Modified malware from the Khepri open source project that shares similarities with the ZuRu data stealer harvests data and drops additional payloads. ['Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes]( Analysis of the infostealer malware version 4.1 includes hidden ASCII art and a shout-out thanking cybersecurity researchers. [Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild]( These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed." [Building AI That Respects Our Privacy]( Until laws can move at the speed of innovation, we'll see a discrepancy between the protections offered and the risks associated with technology. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Google Chrome Zero-Day Bug Under Attack, Allows Code Injection]( The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies. [Nearly 7K WordPress Sites Compromised by Balada Injector]( Nearly 200K WordPress sites could be vulnerable to the attack thanks to CVE-2023-6000, lurking in the PopUp Builder plug-in. [Strength in Numbers: The Case for Whole-of-State Cybersecurity]( WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services. [MORE]( PRODUCTS & RELEASES [Mimecast Announces New CEO]( [Salt Security Delivers API Posture Governance Engine]( [ESET Launches New Managed Detection and Response (MDR) Service for Small and Midsize Businesses]( [Intel 471 Appoints Technology Veteran, Sonja Tsiridis, Chief Technology Officer]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack]( Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps. LATEST FROM THE EDGE [Effective Incident Response Relies on Internal and External Partnerships]( Dark Reading research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions. LATEST FROM DR TECHNOLOGY [First Step in AI/ML Security Is Finding Them]( Security teams need to start including AI tools and machine learning models when thinking about the software supply chain: They can't protect what they don't know they have. LATEST FROM DR GLOBAL [Bangladeshi Elections Come Into DDoS Crosshairs]( A government app experiencing slowdowns on election day could be just the tip of the vote-meddling iceberg for the Asian country. But who's behind it? WEBINARS - [Tips for Managing Cloud Security in a Hybrid Environment]( - [Everything You Need to Know About DNS Attacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [Pixelle's OT Security Triumph with Security Inspection]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [The Need for a Software Bill of Materials]( - [The Developers Guide to API Security]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120567&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.19.24&sp_cid=51490&utm_content=DR_NL_Dark%20Reading%20Daily_01.19.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#06 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)