Cybersecurity researchers have identified a new Golang-based backdoor which uses Telegram for command-and-control communications, thought to be of Russian origin. Once launched, the malware checks its location and if different, moves its own content accordingly, launching a copied version. It uses an open-source library for Golang Telegram Bot API bindings for command-and-control purposes. The malware can execute commands via PowerShell, relaunch itself and, in future, potentially capture screenshots.
United States Charges Developer of LockBit Ransomware Group
Rostislav Panev, a 51-year-old dual Russian-Israeli national, has been extradited to the U.S. for his role as a developer in the LockBit ransomware group. Arrested
