Focus Mode
Cyber Security News

RST TI Report Digest: 27 Jan 2025

iocOne
RST TI Report Digest: 27 Jan 2025
This week’s review of threat intelligence reports highlights a surge in malware targeting macOS, the rise in supply chain attacks affecting Chrome extensions, and sophisticated cyber campaigns including those by North Korean groups. Various indicators of compromise and details on techniques used were extracted to provide a comprehensive overview of the threats.
Affected: macOS users, Chrome browser, Cryptocurrencies, South Korean VPN providers

Keypoints :

  • 2024 sees increased malware targeting macOS, particularly in enterprise environments.
  • Notable malware families include Amos Atomic, BeaverTail, HZ RAT, and CloudChat Infostealer.
  • North Korean state-sponsored groups are linked to campaigns targeting cryptocurrencies.
  • Supply chain attack by PlushDaemon against a South Korean VPN provider, deploying SlowStepper backdoor.
  • Malicious Chrome extensions harvested sensitive information through phishing tactics.
  • Indicators of compromise identified across multiple campaigns highlighting evolving tactics.
  • Increased sophistication in ransomware attacks on macOS platforms.
  • Malware incidents reported as part of a continuous pattern of attacks targeting specific sectors.
  • Threat actors employed diverse methods, including phishing and exploiting known vulnerabilities.
  • Cybersecurity agencies are intensively analyzing these threats to bolster defenses.

MITRE Techniques :

  • TA0042: Resource Development – Threat actors are establishing infrastructure, such as compromised extensions.
  • T1071: Application Layer Protocol – Used for command and control communications.
  • T1086: PowerShell – Utilized for downloading malicious scripts.
  • T1185: Man-in-the-Middle – Exploited during phishing campaigns to inject malicious code.
  • T1213: Data from Information Repositories – Malware strains extract sensitive information such as API keys and tokens.
  • T1135: Notifier – Used for establishing continuous communication with command and control servers.

Full Story: https://medium.com/@rst_cloud/rst-ti-report-digest-27-jan-2025-1576a765f586?source=rss——cybersecurity-5

Tags: CHINA, CLOUD, RUSSIA, PAYLOAD, DISCOVERY, BROWSER, FINANCIAL, SPAM