The researchers note a change in the threat actor's tactics, including a
shift from VBS scripts to PowerShell-based tools, more obfuscation for
payloads, and increased use of legitimate services for evasion.
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”)
has been targeting a military mission of a Western country in Ukraine in
attacks likely deployed from removable drives.
Symantec threat researchers say the campaign started in February 2025
and continued until March, with hackers deploying an updated version of
the GammaSteel info-stealing malware to exfiltrate data.
According to the report,
initial access to the infected systems was probably achieved via
removable drives containing malicious .LNK files, a vector that Gamaredon has used in the past.
Latest Gamaredon attacks in Ukraine
During the investigation, the researchers noticed in the Windows
Registry of the compromised system a new value under the UserAssist key,
indicating that the infection started from an external drive from a
shortcut file named files.lnk.
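The UserAssist artifact mentioned above is a cheap place to start a triage: its value names are ROT13-encoded executed paths, and on Windows 7 and later each 72-byte value carries the run count at offset 4 and the last-execution FILETIME at offset 60. The script below is an added example, not Symantec's tooling or anything from the report; it decodes constructed entries (the E:\files.lnk path is made up to mirror the shortcut name in the article) and flags .lnk files launched from a drive other than the system drive. The value layout is the one documented by common forensic tools and is assumed here for other Windows versions.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Windows 7+ UserAssist value layout (72 bytes): run count at offset 4,
# last-execution FILETIME at offset 60. Value names are ROT13-encoded.
# Assumption: this is the layout on the hosts being triaged.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a 100-nanosecond FILETIME tick count to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Exact integer conversion (avoids float rounding in total_seconds())."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_userassist_value(name, data):
    """Decode one UserAssist entry into its path, run count and last run time."""
    if len(data) < 68:
        raise ValueError("UserAssist value too short: %d bytes" % len(data))
    run_count = struct.unpack_from("<I", data, 4)[0]
    last_run = struct.unpack_from("<Q", data, 60)[0]
    return {
        "path": codecs.decode(name, "rot13"),
        "run_count": run_count,
        "last_run": filetime_to_datetime(last_run) if last_run else None,
    }


def is_lnk_from_foreign_drive(entry, system_drives=("C:",)):
    """True when the entry is a .lnk launched from a drive other than a system drive."""
    path = entry["path"]
    if not path.lower().endswith(".lnk") or len(path) < 3 or path[1] != ":":
        return False
    return path[:2].upper() not in tuple(d.upper() for d in system_drives)


def triage_userassist(entries, system_drives=("C:",)):
    """Return decoded entries worth a second look, most recently run first."""
    decoded = [parse_userassist_value(name, data) for name, data in entries]
    hits = [e for e in decoded if is_lnk_from_foreign_drive(e, system_drives)]
    return sorted(hits, key=lambda e: e["last_run"] or FILETIME_EPOCH, reverse=True)


def build_userassist_value(run_count, last_run):
    """Constructed test data in the Windows 7+ layout (not a real registry dump)."""
    data = bytearray(72)
    struct.pack_into("<I", data, 4, run_count)
    struct.pack_into("<Q", data, 60, datetime_to_filetime(last_run))
    return bytes(data)


# Constructed sample entries. Names are ROT13 of the executed path, as in the
# live registry (where they sit under a GUID subkey's Count key). The E: path
# is an assumed removable-drive location for a shortcut named files.lnk.
SAMPLE_ENTRIES = [
    (codecs.encode(r"C:\Users\analyst\Desktop\Word.lnk", "rot13"),
     build_userassist_value(14, datetime(2025, 1, 20, 9, 5, tzinfo=timezone.utc))),
    (codecs.encode(r"E:\files.lnk", "rot13"),
     build_userassist_value(1, datetime(2025, 2, 10, 12, 0, tzinfo=timezone.utc))),
    (codecs.encode(r"C:\Windows\System32\notepad.exe", "rot13"),
     build_userassist_value(3, datetime(2025, 2, 11, 8, 30, tzinfo=timezone.utc))),
]

if __name__ == "__main__":
    for e in triage_userassist(SAMPLE_ENTRIES):
        print(e["last_run"], e["run_count"], e["path"])
```

On a real system the entries are read from HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count, and paths may be prefixed with a known-folder GUID rather than a drive letter; those need resolving before the drive check is meaningful.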
Next, a heavily obfuscated script creates and runs two files. The
first handles command and control (C2) communications, resolving the
server address through legitimate third-party services and connecting to
Cloudflare-protected URLs.
The second handles spreading: it infects other removable and network
drives with LNK files and hides certain folders and system files to
conceal the compromise.
[Image: Modifying Registry keys to hide specific files. Source: Symantec]
Next, Gamaredon used a reconnaissance PowerShell script
that can capture and exfiltrate screenshots of the infected device and
gather information about installed antivirus tools, files, and running
processes.
The final payload used in the observed attacks is a PowerShell-based version of GammaSteel that is stored in Windows Registry.
[Image: Payload stored in the Registry, obfuscated and split by function. Source: Symantec]
The malware can steal documents (.DOC, .PDF, .XLS, .TXT) from various
locations like Desktop, Documents, and Downloads, confirming
Gamaredon’s continuing interest in espionage.
Ultimately, the malware uses ‘certutil.exe’ to hash the files and
exfiltrates them using PowerShell web requests. If the exfiltration
fails, Gamaredon uses cURL over Tor to transfer the stolen data.
Finally, a new value is added under
‘HKCU\Software\Microsoft\Windows\CurrentVersion\Run’ to establish
persistence on the target computer.
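Two of the artifacts described above, a PowerShell payload stored in the Registry and an HKCU Run value for persistence, are easy to hunt for together in a .reg export of the Run key: decode any -EncodedCommand argument and look for a loader that reads a registry value and executes it in memory. The script below is an added example, not Symantec's code and not the actual Gamaredon loader; the constructed .reg text, the value names, the HKCU\Software\Example key and the STAGE_LOADER command are all assumptions used to illustrate the pattern.

```python
import base64
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENCODED_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
# A loader that pulls its payload back out of the registry and runs it in memory.
REGISTRY_READ = re.compile(r"(Get-ItemProperty|Get-ItemPropertyValue|\bgp\b|HKCU:|HKLM:)", re.I)
IN_MEMORY_EXEC = re.compile(r"(Invoke-Expression|\biex\b)", re.I)


def reg_escape(s):
    """Escape a string the way regedit writes REG_SZ data in a .reg file."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def reg_unescape(s):
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg_values(reg_text, key):
    """Return {name: string_value} for REG_SZ entries under `key` in a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
            continue
        if not in_key:
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line.strip())
        if m:
            values[reg_unescape(m.group(1))] = reg_unescape(m.group(2))
    return values


def decode_encoded_command(b64):
    """-EncodedCommand is base64 over UTF-16LE text."""
    return base64.b64decode(b64).decode("utf-16-le")


def hunt_run_key(reg_text):
    """Flag Run values that look like an in-memory PowerShell loader; returns findings."""
    findings = []
    for name, cmd in parse_reg_values(reg_text, RUN_KEY).items():
        reasons, decoded = [], None
        if "powershell" in cmd.lower():
            reasons.append("launches PowerShell")
        m = ENCODED_ARG.search(cmd)
        if m:
            try:
                decoded = decode_encoded_command(m.group(1))
                reasons.append("uses -EncodedCommand")
            except (ValueError, UnicodeDecodeError):
                reasons.append("unparseable -EncodedCommand argument")
        for text in (cmd, decoded or ""):
            if REGISTRY_READ.search(text) and IN_MEMORY_EXEC.search(text):
                reasons.append("reads a registry value and executes it in memory")
                break
        if "-w hidden" in cmd.lower() or "-windowstyle hidden" in cmd.lower():
            reasons.append("hidden window")
        if reasons:
            findings.append({"name": name, "command": cmd, "decoded": decoded, "reasons": reasons})
    return findings


# Constructed loader text (assumption, not the real malware): read a value
# named Blob from an assumed key and execute its contents with IEX.
STAGE_LOADER = "IEX (Get-ItemProperty -Path 'HKCU:\\Software\\Example' -Name Blob).Blob"

# Constructed .reg export: one benign entry and one entry built from STAGE_LOADER.
SAMPLE_REG = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + RUN_KEY + "]",
    '"OneDrive"="' + reg_escape(r'"C:\Users\analyst\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background') + '"',
    '"Updater"="' + reg_escape("powershell.exe -w hidden -nop -enc "
                               + base64.b64encode(STAGE_LOADER.encode("utf-16-le")).decode()) + '"',
    "",
])

if __name__ == "__main__":
    for f in hunt_run_key(SAMPLE_REG):
        print(f["name"], "->", ", ".join(f["reasons"]))
        if f["decoded"]:
            print("  decoded:", f["decoded"])
```

The export to feed it comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`; note that regedit writes the file as UTF-16, so open it with that encoding before passing the text in. Once a loader is found, the key it references is where the obfuscated, function-split payload should be pulled from for analysis.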
The recent Gamaredon campaign reflects an effort to increase
operational stealth and effectiveness despite the threat group’s limited
sophistication compared to other Russian state actors.
Symantec comments that various incremental but meaningful
improvements in the threat group’s TTPs (tactics, techniques, and
procedures) elevate the risks it poses to Western networks, especially
considering Gamaredon’s unwavering tenacity.
Phishing-as-a-service (PhaaS)
platform Tycoon2FA, known for bypassing multi-factor authentication on
Microsoft 365 and Gmail accounts, has received updates that improve its
stealth and evasion capabilities.
A new class of supply chain
attacks named 'slopsquatting' has emerged from the increased use of
generative AI tools for coding and those models' tendency to "hallucinate"
non-existent package names.