Mercedes-Benz Head Unit security research report
This report details the vulnerabilities discovered in the Mercedes-Benz User Experience (MBUX) infotainment system, particularly focusing on the first generation of MBUX subsystems. The research highlights the importance of diagnostic software, the architecture of MBUX, and the various attack vectors identified during testing.

Affected: Mercedes-Benz MBUX

Keypoints:

Research focused on the first generation of MBUX infotainment system.…

Summary:

Kaspersky’s GERT team uncovered a cyber incident involving the exploitation of a known Fortinet vulnerability (CVE-2023-48788) leading to unauthorized access and deployment of remote access tools. The incident highlights the importance of timely patching and monitoring of exposed systems. #CyberSecurity #VulnerabilityManagement #IncidentResponse

Keypoints:

Attackers exploited a patched Fortinet vulnerability (CVE-2023-48788) to infiltrate a company’s network.…

Summary:

The Lazarus group has escalated its cyberattack strategies through the DeathNote campaign, targeting employees in various sectors with sophisticated malware delivery methods. Recent attacks involved trojanized VNC utilities and a complex infection chain, showcasing their evolving tactics. #LazarusGroup #CyberSecurity #Malware

Keypoints:

The Lazarus group targets employees via fake job opportunities.…

Summary:

A new Android banking Trojan named “Mamont” has been discovered, spreading through deceptive parcel-tracking scams. Victims receive messages prompting them to identify a person in a photo, leading to malware installation. The scam has evolved to target both individuals and businesses with bulk-priced goods, utilizing convincing tactics to lure victims.…

Summary:

Recent months have witnessed a significant increase in malicious email campaigns utilizing lookalike attachments, particularly ZIP files containing JScript scripts. These scripts, often disguised as legitimate requests for proposals, have targeted numerous users and businesses, primarily in Russia. The campaign, dubbed Horns&Hooves, has evolved over time, employing various methods to deliver the NetSupport RAT, a tool commonly exploited by cybercriminals.…
Summary:

The Elpaco ransomware, a variant of Mimic, utilizes the Everything library for file discovery and features a customizable GUI for attackers. It employs sophisticated techniques for evasion and encryption, making it challenging to recover encrypted files. The ransomware has been observed targeting multiple countries since August 2023.…

Summary:

In this analysis, we investigate the Ymir ransomware, a new threat identified during an incident response case. The malware employs sophisticated techniques to evade detection and encrypt files, utilizing PowerShell for initial access and executing malicious commands. Our findings highlight the tactics, techniques, and procedures (TTPs) used by the attackers, as well as the implications for cybersecurity defenses.…

Summary:

In August 2024, a new crimeware bundle named “SteelFox” was identified, utilizing sophisticated execution chains to spread via forums and torrent sites. It masquerades as legitimate software, extracting sensitive user data and leveraging vulnerabilities in Windows services and drivers for privilege escalation.

Keypoints:

SteelFox spreads through malicious forum posts and torrent trackers.…
Short Summary:

Lazarus APT, a sophisticated Korean-speaking threat actor, has been using its backdoor malware Manuscrypt since 2013 in numerous campaigns targeting various sectors. A recent incident involved a zero-day exploit in Google Chrome, which was utilized through a malicious website disguised as a game. This exploit allowed attackers to gain control over victims’ PCs, leading to a significant security breach.…

Short Summary:

Grandoreiro is a Brazilian banking trojan that has been active since at least 2016. It enables threat actors to perform fraudulent banking operations by bypassing security measures of financial institutions. Despite law enforcement efforts to disrupt its operations, Grandoreiro continues to evolve and expand its reach globally, targeting thousands of banks and crypto wallets across multiple continents.…

Short Summary:

Information stealers are malicious software used to collect sensitive data, particularly credentials, which are then sold on the dark web or used for further cyberattacks. In 2023, nearly 10 million devices were attacked by these stealers. The article discusses several notable stealers, including Kral, AMOS, and Vidar, detailing their methods of operation and the data they target.…


Short Summary:

The article discusses the activities of a new ransomware group dubbed “Crypt Ghouls,” which targets Russian businesses and government agencies. The group employs various tactics, techniques, and procedures (TTPs) similar to other cybercriminal organizations. They utilize tools like Mimikatz, XenAllPasswordPro, and ransomware variants LockBit 3.0 and Babuk to compromise systems and exfiltrate sensitive data.…

Short Summary:

The article discusses a new campaign by the APT group Awaken Likho, targeting Russian government agencies and industrial enterprises. The group has shifted its tactics, now utilizing the legitimate MeshCentral platform for remote access instead of the previously used UltraVNC. The campaign, which began in June 2024, involves sophisticated phishing techniques and the deployment of a new implant that enhances the attackers’ ability to maintain control over infected systems.…

Short Summary:

In a recent malware campaign targeting Russian-speaking users, attackers have been using unconventional methods to mine cryptocurrency on victims’ devices without consent. They exploit popular software download sites, Telegram channels, and YouTube videos to distribute malicious files. The infection chain involves sophisticated techniques for persistence and evasion, including the use of a legitimate SIEM agent, Wazuh, as a backdoor.…
Short Summary:

The article discusses the critical role of machine learning (ML) in analyzing cybersecurity logs to enhance threat detection capabilities. It highlights Kaspersky’s experience in utilizing ML algorithms, particularly Random Forest, to identify new cyberthreats and indicators of compromise (IoCs) from vast datasets. The challenges of implementing ML in cybersecurity, including dataset preparation and model interpretability, are also addressed.…
