Malware

Security and Technology news from various third party sources. All attribution remains the property of the original authors

351 Topics 351 Posts
  • 0 Votes
    1 Posts
    58 Views
    CerberusC

    This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.

    https://threatpost.com/borat-rat-ransomware-ddos/179233/

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.

    https://threatpost.com/belarusian-ghostwriter-actor-picks-up-bitb-for-ukraine-related-attacks/179210/

  • 0 Votes
    1 Posts
    31 Views
    CerberusC

    QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.

    https://threatpost.com/qnap-customers-adrift-fix-openssl-bug/179197/

  • Lapsus$ ‘Back from Vacation’

    0 Votes
    1 Posts
    40 Views
    CerberusC

    Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list.

    https://threatpost.com/lapsus-back-from-vacation/179156/

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.

    https://threatpost.com/mshtml-flaw-exploited-to-attack-russian-dissidents/179150/

  • 0 Votes
    1 Posts
    43 Views
    CerberusC

    Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

    https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

  • 0 Votes
    1 Posts
    40 Views
    CerberusC

    The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.

    https://threatpost.com/exchange-servers-speared-in-icedid-phishing-campaign/179137/

  • 0 Votes
    1 Posts
    38 Views
    CerberusC

    The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.

    https://threatpost.com/doj-indicts-russian-govt-employees-over-targeting-power-sector/179108/

  • 0 Votes
    1 Posts
    32 Views
    CerberusC

    London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.

    https://threatpost.com/uk-cops-collar-7-suspected-lapsus-gang-members/179098/

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.

    https://threatpost.com/microsoft-azure-developers-pii-stealing-npm-packages/179096/

  • 0 Votes
    1 Posts
    41 Views
    CerberusC

    Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.

    https://threatpost.com/chinese-apt-combines-fresh-hodur-rat-with-complex-anti-detection/179084/

  • 0 Votes
    1 Posts
    41 Views
    CerberusC

    Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.

    https://threatpost.com/microsoft-help-files-vidar-malware/179078/

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.

    https://threatpost.com/tax-season-scammers-spoof-fintechs-stash-public/179071/

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.

    https://threatpost.com/deadbolt-ransomware-qnap-again/179057/

  • 0 Votes
    1 Posts
    43 Views
    CerberusC

    The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.

    https://threatpost.com/microsoft-lapsus-compromised-one-employees-account/179048/

  • 0 Votes
    1 Posts
    35 Views
    CerberusC

    Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana.

    https://threatpost.com/lapsus-data-kidnappers-claim-snatches-from-microsoft-okta/179041/

  • 0 Votes
    1 Posts
    31 Views
    CerberusC

    “Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said – but researchers warn that many orgs are not prepared.

    https://threatpost.com/russia-cyberattacks-us-infrastructure/179037/

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    An unusual attack using an open-source Python package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.

    https://threatpost.com/serpent-backdoor-chocolatey-installer/179027/

  • 0 Votes
    1 Posts
    31 Views
    CerberusC

    Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

    https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/

  • 0 Votes
    1 Posts
    29 Views
    CerberusC

    The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it’s actually spyware capable of stealing any and all information from victims’ social-media accounts.

    https://threatpost.com/facestealer-trojan-google-play-facebook/179015/