Code Obfuscation | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered that the malware known as  BLOODALCHEMY  used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT campaigns, it is crucial to pay special attention to the usage trend of this malware," Japanese company ITOCHU Cyber & Intelligence  said . BLOODALCHEMY was  first documented  by Elastic Security Labs in October 2023 in connection with a campaign mounted by an intrusion set it tracks as REF5961 targeting the Association of Southeast Asian Nations (ASEAN) countries. A barebones x86 backdoor written in C, it's injected into a signed benign process ("BrDifxapi.exe") using a technique called DLL side-loading, and is capable of overwriting the toolset, gathering host information, load

A relatively new threat actor known as  YoroTrooper  is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region," security researchers Asheer Malhotra and Vitor Ventura  said . First documented by the cybersecurity company in March 2023, the adversary is  known to be active  since at least June 2022, singling out various state-owned entities in the Commonwealth of Independent States (CIS) countries. Slovak cybersecurity firm ESET is tracking the activity under the name  SturgeonPhisher . YoroTrooper's attack cycles

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,