While cloud computing is on advancement Stage, Gamers are at high risk
We’ve observed that one of the most prevalent, widely-distributed malware families in the world has reawakened after a prolonged absence. Emotet, the ubiquitous botnet that arrives in the guise of any of a thousand different bogus email messages, never really went away when it suddenly stopped appearing in our internal records and feeds of spam emails in February.
The sudden disappearance of the malware gave rise to a lot of rumors that the creators had been arrested, or contracted COVID-19, or simply had retired and planned to live the good life on the Black Sea coast. But these theories were squashed on July 17th, when we saw a new wave of Emotet attacks swing back into action. It is showing how the malware authors vented their frustration at Sophos by embedding a plaintext note to us in their source code. But, then in February 2020, Emotet ceased production – its botnets stopped activity and the waves of spam campaigns went silent. This isn’t the first time Emotet has vanished off the radar, only to rise again months later – and that’s exactly what we saw again last Friday. Emotet’s fundamental MO hasn’t changed, and users should be wary of email from an unknown source, or unexpectedly from a known source, with a Microsoft Office file attached – be extremely careful about opening it.
When you receive an email from an unknown source, or unexpectedly from a known source, with a Microsoft Office file attached, be extremely careful about opening it. In a related vein, if you receive an email that tells you to download such a file attachment in order to receive some sort of invoice or statement, be extremely suspicious.
APT 41 also known as Double-dragon is a sophisticated, cyberespionage actor that has been operating for four years and whose actions seems to be aligned with China’s five-year economic development plans. The group has been involved in strategic intelligence collection from organizations in many sectors, but also in financially motivated attacks that predominantly targeted the online gaming industry later moved to higher goals of targeting government sectors via smartphones. Over 2.2 million users have been affected by Winnti alias APT 41. This group leverages an arsenal over 46 different malware families and tools to accomplish their missions, including publicly available utilities, malwares basically shared over un-authorized open source apps.
The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. APT41 operations against higher education, travel services, and news/media firms provide some indication that the group also tracks individuals and conducts surveillance. For example, the group has repeatedly targeted call record information at telecom companies. In another instance, APT41 targeted a hotel’s reservation systems ahead of Chinese officials staying there, suggesting the group was tasked to check the facility for security reasons. APT41 exploited the Zoho ManageEngine zero-day vulnerability, as per the report from Beyond Security.
APT41 has consistently targeted telecommunications companies, demonstrating consistent interest in obtaining access to these targets. The group has also repeatedly targeted call record information at telecom companies, supporting indications of their wider intelligence collection efforts. We believe that APT41 is highly sophisticated and innovative. Its history of financially motivated targeting of the video game industry has ultimately supported the group's state-sponsored activity.