The Internet Archive disclosed a data breach; the security incident impacted more than 31 million users of its Wayback Machine. As of September 5, 2024, the Internet Archive held more than 42.1 Internet Archive hacked. Hunt also verified the authenticity of the information included in the stolen archive.
All the variants are distributed within archives containing a legitimate executable and a malicious DLL: Variant 1: Archive cf.rar includes mrender.exe and libcef.dll. Variant 2: Archive ru.zip includes FastVD.exe and LogMeIn.dll. Variant 3: Archive zz.rar includes gpgconf.exe and libgcrypt-20.dll.
VXunderground archived the leak and published it on GitHub. “We’ve archived the leak and made it available for download on GitHub.” Banshee Stealer, a macOS Malware-as-a-Service, shut down after its source code leaked online.
In one case analyzed by the researchers, the attack chain begins by tricking the victim into opening a malicious RAR archive disguised as an image file by using a .jpg extension. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executes the PLAYFULGHOST payload from a remote server.
Speakers: Michelle Kirk of Georgia Pacific, Darla White of Sanofi, and Scott McVeigh of Onna
As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Spring has sprung, which means it’s time to get your data house in order.
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. The ransomware copies files into password-protected WinRAR archives; it uses a renamed freeware version of the legitimate file utility WinRAR.
In March 2025, threat actors distributed archived messages through Signal. The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT (DCRat). The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust.
Following last week’s story on the breadth of the NPD breach , a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. NPD acknowledged the intrusion on Aug.
VXunderground archived the leak and published it on GitHub. “Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software,” reads the report published by Check Point.
The ZIP archive contains an obfuscated JavaScript file, which creates and executes a PowerShell script that connects to the C2 (62.133.60[.]137). In late November, the experts spotted a malspam campaign impersonating DHL which used emails about freight invoices, attaching ZIP files named “Invoice###.zip”.
“File archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. The technique can be used by phishers to “emulate” file archiver software in a web browser when a victim visits a .ZIP domain.
Initially, the group published screenshots of stolen data as proof of the attack; now the whole archive can be downloaded from the leak page. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General’s Office. Chief Deputy AG Steven Popps called it a sophisticated attack.
The malware is distributed through phishing messages using a malicious attachment or a link to the malicious archive containing Bumblebee. Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘Operation Endgame’ that disrupted its operations in May.
The attackers attempted to trick the company’s customers into opening a ZIP archive file named “crowdstrike-hotfix.zip.” The archive includes a loader named HijackLoader used to execute the Remcos RAT. The ZIP archive contains a HijackLoader payload that, when executed, loads Remcos.
Experts observed the hackers using resume documents and archives, such as ZIPs and RARs, with alluring themes distributing CrimsonRAT. The alleged Pakistan-linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware.
Hunt &amp; Hackett also observed the threat actor collecting at least one e-mail archive from one of the multiple victim organizations. Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.
In the initial attacks observed by the researchers, the malicious code downloads a Microsoft Cabinet (CAB) archive containing a malicious executable. “When Microsoft’s patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially-crafted RAR archive,” reads
“Some Numando variants store these images in an encrypted ZIP archive inside their .rsrc sections, while others utilize a separate Delphi DLL just for this storage. The installer contains a CAB archive with a legitimate application, an injector, and an encrypted Numando banking trojan DLL,” continues the report.
The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. “Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8,” reads the post published by the group on its leak site. The gang also published some screenshots as proof of data possession.
The disclosure of data in the archive poses a threat to the individuals whose data it contains. A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it.
A .zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results. 7-Zip initially tries to open the files as a ZIP archive and fails, but afterward 7-Zip recognizes the .zipx files as RAR5 archives and can unpack their contents. The emails use a .zipx file.
Those archived webpages show both RDP services were owned by an entity called 1337 Services GmbH. A review of those messages archived by Intel 471 showed that dozens of early forum members referred privately to Finndev as the owner of shoppy[.]gg.
The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. “All the tools connect to the same infrastructure, which is associated with China-linked APT ToddyCat,” reads the analysis published by Check Point. CurKeep collects information about the infected machine.
Tweet by @idclickthat, August 17, 2023: a Google Drive download link drops kholapqua.com/Document.zip. Threat actors sent Facebook Messenger direct messages to the victims attempting to trick them into downloading archive files such as RAR or ZIP files.
Researchers from VX-underground reviewed the archive (277.1GB uncompressed) and confirmed that the data is real and accurate. The archive also contains data on deceased individuals. “Many of these files are archives themselves, with many of those then containing yet more archives.
The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities; he noticed that some of the data stored in the archive dates back ten years. While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot.
The PDF included a link to a fake questionnaire that redirects users to a malicious ZIP archive hosted on a compromised site. The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code.
Now one of its affiliates leaked the IP addresses for Cobalt Strike C2 servers and an archive of 113 MB that includes training material and tools shared by the Conti operators with its network to conduct ransomware attacks. The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment.
DarkWatchman has been distributed through phishing emails that use malicious ZIP archives (named ‘????????? ?12-6317-3621.zip’). The executable is a self-installing WinRAR archive that will install the RAT and keylogger. “This executable is a WinRAR SFX self-installing archive that contains two files: ‘134121811.js’
The log file is stored in a sysdiagnose (sysdiag) archive. “When a user initiates a reboot, the operating system attempts to gracefully terminate running processes before rebooting. If a “client” process is still running when the reboot activity begins, it is logged with its process identifier (PID) and corresponding filesystem path.”
Also: Okta Alert on Credential Stuffing; Data Breaches in Spain. This week, Google AI search provided wrong answers, Internet Archive suffered a DDoS attack, Okta warned of credential stuffing, Canada shut down two tech firms, attackers delivered malware with Stack Overflow, Telefónica is probing a breach, Iberdrola was breached and RansomHub said it hit (..)
The implant was distributed through malicious URLs in phishing emails, while the attackers used methods like self-extracting archives and Golang droppers in previous campaigns. The Awaken Likho group is now using a 7-Zip self-extracting archive that displays a decoy document while covertly installing the MeshAgent tool.
The expert exploiting this known issue discovered the following vulnerabilities: “CVE-2023-36396 Windows Compressed Folder Remote Code Execution Vulnerability – The RCE issue resides in Windows’ new extraction logic for all newly supported archive types,” wrote Or Yair. CVE-2023-42757 was reserved for this vulnerability by MITRE.
The attackers attempted to trick victims into downloading and decompressing a ZIP archive (Cross-Platform Bridges.zip) containing malicious Python code masqueraded as an arbitrage bot. Stage 3 (Loader): SUGARLOADER; Discord (fake): HLOADER; Stage 4 (Payload): KANDYKORN. Decompressing the archive reveals a Main.py
The content of the messages attempted to trick the recipients into opening a password-protected RAR archive. Once the archive is opened, the infection chain starts, leading to the deployment of the JinxLoader payload. The attack spotted by the researchers used phishing messages posing as Abu Dhabi National Oil Company (ADNOC).
Upon opening the file, a RAR archive named “Viyskovi_zlochinci_RU.rar” is created. The archive contains a link file named “War criminals destroying Ukraine (home addresses, photos, phone numbers, pages on social networks).lnk.” The phishing messages have been sent from “vadim_melnik88@i[.]ua.”
The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “NSFOCUS Research Labs observed DarkCasino implementing two attack processes using specially crafted weaponized archives,” reads the report published by NSFOCUS.
zip” (“congratulation” in Russian) instead of weaponized Office documents. The archive contains an executable that acts as the first-stage malware. “The Windows x32 executable in the archive, named “????????????.scr,”” reads the report published by Cluster25. The spoofed messages used a *@mid.ru
com: Distributes a ZIP archive file (“setup-win-x86-x64.exe.zip”). pro: Distributes a RAR archive file (“MBSetup.rar”) that was used to deploy the StealC information stealer malware. Below is the list of malicious websites analyzed by the researchers: avast-securedownload[.]com, bitdefender-app[.]com
The attackers sent the password for the RAR archive in a separate email. “Volexity first spotted the POWERSTAR backdoor in 2021; the experts observed the Iranian APT distributing the malicious code in a surprising number of different ways,” continues the report.