New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.

In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further research by Walmart indicated that Zloader was dropping a new proxy malware called BackConnect that contained code references to the Qbot (QakBot) malware.

BackConnect is a proxy tool that gives attackers remote access to compromised servers. It lets cybercriminals tunnel traffic, obfuscate their activity, and escalate attacks within a victim's environment without being detected.

Description: We are the targets for numerous information campaigns, as companies, politicians, cybercriminals, and nation states guzzle up the digital dust of our online selves. These information campaigns are designed to trigger our survival instincts in order to prevent us from thinking, and instead trigger an emotional reaction. Dr. Schwartz will discuss this rivalry for power, and how we must first learn how to calm our survival brain in order to defend our cognitive terrain against the onslaught of information warfare.

Speaker Bio: Dr. Tamara Schwartz, USAF (ret.), is an Associate Professor of Cybersecurity and Strategy at the York College of Pennsylvania, and an affiliate researcher with Cybersecurity at MIT-Sloan Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, an international cybersecurity think tank. While on active duty, Dr. Schwartz’s thought leadership informed the standup of Cyber Command and the design of various command centers supporting Joint Space, Cyber, and Global Strategic Operations, and her work at the U.S. Embassy in Amman, Jordan earned her the 2011 Information Operations Officer of the Year. More recently, Dr. Schwartz was a member of the 2020 “Dr. Evil task force,” with the Defense Threat Reduction Agency, identifying future threats to inform DoD investments in emerging technology. She received her B.S. in Industrial Engineering from Rensselaer Polytechnic Institute, her M.S. in Engineering Management from the University of Dayton, and her Doctorate of Business Administration from the Fox School of Business, Temple University. Her research expertise includes Artificial Intelligence, cybersecurity as a strategic competitive advantage, and information warfare.

Information Warfare, by Dr. Tamara Schwartz.
https://he.kendallhunt.com/product/in…
College of Pennsylvania, Cybersecurity Management
https://www.ycp.edu/academics/program…
Weapons of Mass Disruption
https://podcasts.apple.com/us/podcast

Rufo Guerreschi.
https://www.linkedin.com/in/rufoguerreschi.

Coalition for a Baruch Plan for AI
https://www.cbpai.org/

0:00 Intro.
0:21 Rufo Guerreschi.
0:28 Contents.
0:41 Part 1: Why we have a governance problem.
1:18 From e-democracy to cybersecurity.
2:42 Snowden showed that international standards were needed.
3:55 Taking the needs of intelligence agencies into account.
4:24 ChatGPT was a wake-up moment for privacy.
5:08 Living in Geneva to interface with states.
5:57 Decision making is high up in government.
6:26 Coalition for a Baruch Plan for AI.
7:12 Parallels to organizations to manage nuclear safety.
8:11 Hidden coordination between intelligence agencies.
8:57 Intergovernmental treaties are not tight.
10:19 The original Baruch Plan in 1946.
11:28 Why the original Baruch Plan did not succeed.
12:27 We almost had a different international structure.
12:54 A global monopoly on violence.
14:04 Could expand to other weapons.
14:39 AI is a second opportunity for global governance.
15:19 After Soviet tests, there was no secret to keep.
16:22 Proliferation risk of AI tech is much greater?
17:44 Scale and timeline of AI risk.
19:04 Capabilities of security agencies.
20:02 Internal capabilities of leading AI labs.
20:58 Governments care about impactful technologies.
22:06 Government compute, risk, other capabilities.
23:05 Are domestic labs outside their jurisdiction?
23:41 What are the timelines where change is required?
24:54 Scientists, Musk, Amodei.
26:24 Recursive self-improvement and loss of control.
27:22 A grand gamble, the rosy perspective of CEOs.
28:20 CEOs can’t really say anything else.
28:59 Altman, Trump, Softbank pursuing superintelligence.
30:01 Superintelligence is clearly defined by Nick Bostrom.
30:52 Explain to people what “superintelligence” means.
31:32 Jobs created by Stargate project?
32:14 Will centralize power.
33:33 Sharing of the benefits needs to be ensured.
34:26 We are running out of time.
35:27 Conditional treaty idea.
36:34 Part 2: We can do this without a global dictatorship.
36:44 Dictatorship concerns are very reasonable.
37:19 Global power is already highly concentrated.
38:13 We are already in a surveillance world.
39:18 Affects influential people especially.
40:13 Surveillance is largely unaccountable.
41:35 Why did this machinery of surveillance evolve?
42:34 Shadow activities.
43:37 Choice of safety vs. liberty (privacy).
44:26 How can this dichotomy be rephrased?
45:23 Revisit supply chains and lawful access.
46:37 Why the government broke all security at all levels.
47:17 The encryption wars and export controls.
48:16 Front door mechanism replaced by back door.
49:21 The world we could live in.
50:03 What would responding to requests look like?
50:50 Apple may be leaving “bug doors” intentionally.
52:23 Apple under same constraints as government.
52:51 There are backdoors everywhere.
53:45 China and the US need to both trust AI tech.
55:10 Technical debt of past unsolved problems.
55:53 Actually a governance debt (socio-technical).
56:38 Provably safe or guaranteed safe AI.
57:19 Requirement: Governance plus lawful access.
58:46 Tor, Signal, etc are often wishful thinking.
59:26 Can restructure incentives.
59:51 Restrict proliferation without dragnet?
1:00:36 Physical plus focused surveillance.
1:02:21 Dragnet surveillance since the telegraph.
1:03:07 We have to build a digital dog.
1:04:14 The dream of cyber libertarians.
1:04:54 Is the government out to get you?
1:05:55 Targeted surveillance is more important.
1:06:57 A proper warrant process leveraging citizens.
1:08:43 Just like procedures for elections.
1:09:41 Use democratic system during chip fabrication.
1:10:49 How democracy can help with technical challenges.
1:11:31 Current world: anarchy between countries.
1:12:25 Only those with the most guns and money rule.
1:13:19 Everyone needing to spend a lot on military.
1:14:04 AI also engages states in a race.
1:15:16 Anarchy is not a given: US example.
1:16:05 The forming of the United States.
1:17:24 This federacy model could apply to AI.
1:18:03 Same idea was even proposed by Sam Altman.
1:18:54 How can we maximize the chances of success?
1:19:46 Part 3: How to actually form international treaties.
1:20:09 Calling for a world government scares people.
1:21:17 Genuine risk of global dictatorship.
1:21:45 We need a world /federal/ democratic government.
1:23:02 Why people are not outspoken.
1:24:12 Isn’t it hard to get everyone on one page?
1:25:20 Moving from anarchy to a social contract.
1:26:11 Many states have very little sovereignty.
1:26:53 Different religions didn’t prevent common ground.
1:28:16 China and US political systems similar.
1:30:14 Coming together, values could be better.
1:31:47 Critical mass of states.
1:32:19 The Philadelphia convention example.
1:32:44 Start with say seven states.
1:33:48 Date of the US constitutional convention.
1:34:42 US and China both invited but only together.
1:35:43 Funding will make a big difference.
1:38:36 Lobbying to US and China.
1:38:49 Conclusion.
1:39:33 Outro.

A huge cybercriminal campaign has been spotted utilizing outdated and vulnerable Windows drivers to deploy malware against victims. The campaign originated in China, and the majority of the victims are also located in China.

An in-depth article published by cybersecurity researchers at Check Point says the attackers abused a vulnerability in version 2.0.2 of the Truesight.sys driver. This older version is known to allow arbitrary process termination.

Lumma Stealer is a fully featured crimeware solution offered for sale under the malware-as-a-service (MaaS) model, giving cybercriminals a way to harvest a wide range of information from compromised Windows hosts. In early 2024, the malware operators announced an integration with a Golang-based proxy malware named GhostSocks.

“The addition of a SOCKS5 backconnect feature to existing Lumma infections, or any malware for that matter, is highly lucrative for threat actors,” Infrawatch said.

“By leveraging victims’ internet connections, attackers can bypass geographic restrictions and IP-based integrity checks, particularly those enforced by financial institutions and other high-value targets. This capability significantly increases the probability of success for unauthorized access attempts using credentials harvested via infostealer logs, further enhancing the post-exploitation value of Lumma infections.”

It’s worth noting that the intrusion set distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with another remote access trojan tracked as ValleyRAT.

“They are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,” Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, told The Hacker News.

“Winos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time. Winos was a name commonly used in 2023 and 2024 while now ValleyRAT is more commonly used. The tool is constantly evolving, and it has both local Trojan/RAT capabilities as well as a command-and-control server.”

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

This is according to an investigation by Xlab, which has been tracking the new campaign since last November and reports that the botnet peaked on January 14, 2025, and currently has 800,000 active bots.

In September 2024, Dr. Web antivirus researchers found 1.3 million devices across 200 countries compromised by Vo1d malware via an unknown infection vector.

Microsoft has named multiple threat actors as members of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content.

An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China (aka ‘cg-dot’), and Phát Phùng Tấn of Vietnam (aka ‘Asakuri’).

As the company explained today, these threat actors are key members of a global cybercrime gang that it tracks as Storm-2139.