Npav Lab

A four-month-long cyberattack targeted a major U.S. organization, compromising its network and extracting sensitive data. The breach is attributed to a Chinese state-sponsored group, employing advanced techniques like DLL side-loading, living-off-the-land tools, and targeting Exchange servers.

Chinese state-backed hacking group Salt Typhoon has breached telecommunications companies in dozens of countries, including eight firms in the U.S., exploiting vulnerabilities in private communication networks. This long-running campaign raises alarms about critical infrastructure security and highlights the urgent need for encrypted communications and robust system defenses.

The Horns and Hooves campaign, active since March 2023, has targeted over 1,000 victims with phishing emails containing JavaScript payloads that deploy sophisticated RAT malware like NetSupport RAT and BurnsRAT. This attack primarily targets private users, retailers, and service businesses in Russia, leveraging remote access tools for data theft, ransomware, and malware deployment.

Over 8 million Android users across nine countries have been impacted by SpyLoan malware embedded in loan apps downloaded from the Google Play Store. These apps exploit user trust, financial desperation, and intrusive permissions to harvest sensitive data, leading to extortion, harassment, and financial loss.

Bologna Football Club 1909 has confirmed a ransomware attack by the RansomHub gang, resulting in the theft and public release of sensitive data. The leaked information includes sponsorship contracts, financial records, and personal data of players, employees, and fans, emphasizing the rising cyber threat to sports organizations.

Hackers have leveraged the popular Godot game engine to spread GodLoader malware, infecting over 17,000 systems within three months. By exploiting Godot’s scripting language and packaging capabilities, cybercriminals bypass detection and deliver payloads like the XMRig crypto miner. This attack highlights the need for vigilance within open-source communities and enhanced protection against malware disguised as legitimate tools.

Researchers have discovered "Bootkitty," the first-ever UEFI bootkit targeting Linux systems. Although currently a proof-of-concept, this development signals a critical shift in the UEFI threat landscape, historically dominated by Windows-focused attacks. Bootkitty demonstrates advanced capabilities, including bypassing Secure Boot protocols and disabling kernel integrity checks, emphasizing the need for robust cybersecurity measures to protect Linux environments.

A Russia-aligned cybercrime group, RomCom, has leveraged two zero-day vulnerabilities in Firefox and Windows to deploy its backdoor malware, RomCom RAT, in a series of sophisticated attacks. These vulnerabilities allow remote code execution with no user interaction, escalating the threat posed by this group in both espionage and cybercrime operations.

We are thrilled to announce that NPAV (Net Protector Antivirus) has been awarded the prestigious AV-Test Advanced Threat Protection (ATP) Certificate, a testament to our cutting-edge capabilities in defending against today’s most sophisticated cyber threats.

The recent ransomware attack on Blue Yonder, a leading supply chain management firm, has caused significant disruptions to grocery store operations in the UK. The incident highlights the vulnerability of supply chain systems and the cascading impact on essential services like retail and logistics.