Cybersecurity researchers have unmasked the identity of one of the individuals believed to be affiliated with the e-crime actor known as XE Group.
According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest probability of being involved with the XE Group."
XE Group (aka XeThanh), previously documented by Malwarebytes and Volexity, has a history of carrying out cybercriminal activities since at least 2013. It is suspected to be a threat actor of Vietnamese origin.
Some of the entities targeted by the threat actor span government agencies, construction companies, and healthcare sectors.
It is known to compromise internet-exposed servers with known exploits and monetize the intrusions by installing password theft or credit card skimming code on online services.
"As far back as 2014, the threat actor was seen creating AutoIT scripts that automatically generated emails and a rudimentary credit card validator for stolen credit cards," the cybersecurity firm said.
Earlier this March, U.S. cybersecurity and intelligence agencies disclosed XE Group's attempts to exploit a critical three-year-old security flaw in Progress Telerik devices (CVE-2019-18935, CVSS score: 9.8) to obtain a foothold.
The adversary has also attempted to gain access to corporate networks in the past through phishing emails sent out using fraudulent domains mimicking legitimate services such as PayPal and eBay.
Besides camouflaging .EXE files as .PNG files to evade detection, select attacks have employed a web shell dubbed ASPXSpy to gain control of vulnerable systems.
"XE Group remains a continued threat to various sectors, including government agencies, construction companies, and healthcare organizations," the researchers said.
Some parts of this article are sourced from:
thehackernews.com