Security Research

AV-TEST, the renowned independent evaluator of antivirus and security solutions, recently released the results of their September 2022 evaluation of business security products for macOS Monterey. Acronis Cyber Protect showed excellent results — outperforming other participants like Bitdefender and Trellix (McAfee) — and earned a Certified badge for Corporate Endpoint Protection on macOS systems.

AXLocker is a ransomware that was found by malware researcher ‘S!ri,’ who posted it on Twitter. Later, it was discovered that AXLocker does not only encrypt files but also steals victims’ Discord credentials and uploads them to its own Discord server. Specifically, the AXLocker ransomware steals tokens stored on a local computer when the user logs in to Discord. It’s not packed or obfuscated.

Killnet is a Russian hacker group, previously known for providing DDoS services. At the end of October 2022, the security channel PCrisk discovered the first sample of Killnet ransomware. The group, via a Telegram channel, also announced a ransomware attack on an Italian chemical factory.

We’re proud to share that Acronis Cyber Protect Cloud with Advanced Security received excellent results in the latest AV-Comparatives Business Security Test, published on October 13, 2022.

A custom CovalentStealer malware, the Impacket framework, the HyperBro remote access trojan (RAT), and over a dozen China Chopper webshell samples were used by attackers to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.

Researchers discovered a new phishing campaign targeting U.S. and New Zealand job seekers. Victims receive emails supposedly presenting them with a lucrative job offer, but which actually contain malicious files.

CommonSpirit Health, one of the largest nonprofit hospitals in the US, has seemingly been hit by a cyberattack. The organization faced a disruption of its IT systems that led to some delays in patient care.

The Lazarus APT group is using job offers as a lure to infect people in their latest campaign. The threat actors are sending out messages that proport to contain a job offer from the Crypto.com financial exchange company.

Optus, a subsidiary of Singtel with over 10.5 million subscribers and Australia's second-largest mobile operator, has disclosed a security breach. Attackers claim to have obtained the data of 11 million customers, and have demanded $1 million in ransom. A small sample of the stolen data was initially published online.

A previously unknown threat actor named "Metador" has been breaching telecommunication companies, internet services providers (ISPs), and universities across multiple countries in the Middle East and Africa for about two years.

The infamous Hive ransomware gang has been busy lately. Just in the last week, they've claimed responsibility for four new victims.

An ongoing phishing campaign is abusing a feature from LinkedIn called Smart Links in order to bypass some security filters.