InvisiMole and Gamaredon cooperation. Spyware in Chrome extensions. Phishing and redirection. Brisk criminal forum business.

0
485

Sino-Indian border skirmishing appears to have been accompanied by Chinese distributed denial-of-service attacks against Indian targets. TimesNow says the attacks are thought to emanate from Chengdu, headquarters of PLA Unit 61398.

InvisiMole, a cyberespionage group discovered in 2018 but active at least since 2013, is known to have operated against Eastern European military and diplomatic targets, including targets in Russia and Ukraine. The group appears to collaborate with Gamaredon. ESET researchers report finding that InvisiMole has used Gamaredon’s .NET downloader (MSIL/Pterodo). Only a small subset of Gamaredon’s victims were prospected by InvisiMole, which suggests that the stealthier, more sophisticated InvisiMole makes highly selective use of noisy Gamaredon’s target list. It also uses EternalBlue and BlueKeep exploits for lateral movements once it’s in the targeted enterprises. Gamaredon has been linked to Russia; InvisiMole has hitherto been more elusive.

Reuters reports that Awake Security has found a massive spyware infestation among Chrome extensions, about thirty-two-million downloads’ worth.

Check Point describes a phishing campaign directed toward acquiring…

Read More…