Summary: Google blocked over 10,000 instances of activity by Dragon Bridge, a China-affiliated influence operator that pushes pro-PRC views online, in Q1 2024. The majority of the group’s activity remains low-quality content without a political message, but some posts include content critical of the US government.…
Tag: CHINA
Summary: Indonesian immigration authorities raided a villa in Bali and arrested over a hundred foreign nationals suspected of committing cybercrimes.
Threat Actor: Unknown | Indonesian immigration authorities Victim: Foreign nationals | arrested foreign nationals in Bali
Key Point :
Indonesian immigration authorities conducted a raid on a villa in Bali and apprehended over 100 foreign nationals suspected of engaging in cybercrimes.…
On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA (Cyber Threat Insight Analysis) system captured a suspicious ELF file around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was uploaded from Russia to VirusTotal, where it was not detected as malicious by any antivirus engine.…
On June 17, 2024, we discovered an ELF sample written in C with a detection rate of 0 on VT. This sample was packed with a modified UPX packer. After unpacking, another modified-UPX-packed ELF file was obtained, which was written in CGO mode. After analysis, it was found that this is a new tool from the “8220” mining gang, used to install other malware, mainly the Tsunami DDoS botnet and the PwnRig mining program.…
Summary: This content discusses a data security startup called Odaseva that has raised $54 million to enhance its services.
Threat Actor: N/A Victim: N/A
Key Point :
A data security startup called Odaseva has raised $54 million in a Series C funding round led by Silver Lake.…
Summary: A recent supply chain attack conducted through multiple CDNs has been traced back to a common operator, impacting a large number of websites.
Threat Actor: Unknown | Supply Chain Attack Victim: Multiple websites | Websites affected by supply chain attack
Key Point :
A large-scale supply chain attack was conducted through multiple CDNs, affecting tens of millions of websites.…
Summary: Operation First Light 2024, orchestrated by Interpol, resulted in the arrest of thousands of suspects involved in online scams, the freezing of bank accounts, and the seizure of assets worth millions of dollars.
Threat Actor: Online scam networks | online scam networks Victim: Various individuals and organizations targeted by online scams | online scam victims
Key Point :
Operation First Light 2024, led by Interpol, resulted in the arrest of 3950 suspects involved in online scams and the identification of 14,643 more.…
Summary: Three novel credential-phishing campaigns have emerged from state-sponsored actors, compromising at least 40,000 corporate users in just three months. These campaigns demonstrate an evolution in capabilities and can bypass controls such as multifactor authentication and URL filtering.
Threat Actor: State-sponsored actors | state-sponsored actors Victim: Corporate users | corporate users
Key Point :
The campaigns, named LegalQloud, Eqooqp, and Boomer, use highly evasive and adaptive threat (HEAT) attack techniques to compromise corporate users.…
Threat Actor: USDoD | USDoD Victim: Chinese/Taiwanese Company | Chinese/Taiwanese Company Price: Not specified Exfiltrated Data Type: Employee-level access, certificates, and possibly emails from other employees
Key Points :
USDoD claims to be selling unauthorized access to the web portal of a Chinese/Taiwanese company. The access is at the employee level and appears to belong to a former employee.…
Threat Actor: GlorySec | GlorySec Victim: NetMarvel | NetMarvel Price: Not mentioned Exfiltrated Data Type: Not mentioned
Key Points :
GlorySec, a hacking group, has launched a campaign called #OPChina in response to the actions of Chinese hackers. They claim to have seized control of NetMarvel, a global intelligent marketing and commercialization platform that handles a massive volume of data.…
Summary: This content discusses how cyberespionage groups are using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.
Threat Actor: ChamelGang | ChamelGang Victim: High-profile organizations worldwide | high-profile organizations
Key Point:
Cyberespionage groups are using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.…
Threat researcher Dancho Danchev recently uncovered 130 domains that seemingly belong to fake cryptocurrency sellers. The WhoisXML API research team sought to find potential connections to the threat by expanding the current list of indicators of compromise (IoCs) using our vast array of DNS intelligence sources.…
ReversingLabs researchers have made it a priority to monitor public, open source repositories for malicious packages that may lurk on them in recent years. The number and frequency of malicious packages has increased steadily as malicious actors turn to software supply chains for an easy route into hundreds, thousands or even tens of thousands of protected IT environments. …
Summary: A China-linked state-sponsored threat actor known as RedJuliett has been conducting a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan and other countries.
Threat Actor: RedJuliett | RedJuliett Victim: Government, academic, technology, and diplomatic organizations in Taiwan and other countries | Taiwan
Key Point:
A China-linked state-sponsored threat actor known as RedJuliett has been conducting a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan and other countries.…
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.…
Victim: marvell.com Country : SG Actor: lockbit3 Source: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/post/K6pkXij4RekWuWo766771326ac8bf Discovered: 2024-06-23 05:45:07.677582 Published: 2024-06-22 18:10:00.000000 Description : 500+gb https://mega.nz/folder/4qdwVIKR#uMVVp4g0U7VjBAo7UCNT5w The company www.alliedtelesis.com had offices in America (3 offices), Europe, Asia, China, Singapore and so on. We hacked into their network and took data from this company www.at-globa……
Victim: at-global.com Country : Actor: lockbit3 Source: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/post/EKCmsphaIGknQN5666771388aee4a Discovered: 2024-06-23 05:44:28.547034 Published: 2024-06-22 18:15:00.000000 Description : 500+gb https://mega.nz/folder/4qdwVIKR#uMVVp4g0U7VjBAo7UCNT5w The company www.alliedtelesis.com had offices in America (3 offices), Europe, Asia, China, Singapore and so on. We hacked into their network and took data from this company www.at-globa……
Summary: This content discusses the importance of public-private collaboration in ensuring the security of critical infrastructure.
Threat Actor: N/A Victim: N/A
Key Point :
The Department of Homeland Security (DHS) emphasizes the need for collaboration between public and private sectors to enhance critical infrastructure security.
Tags: Artificial Intelligence & Machine Learning, Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks
DHS Calls for Public-Private Collaboration on Critical Infrastructure Security Chris Riotta (@chrisriotta) • June 20, 2024
Department of Homeland Security Secretary Alejandro Mayorkas announced new guidance Thursday to support cybersecurity across critical infrastructure sectors.…
A new advanced persistent threat (APT) group dubbed “Unfading Sea Haze” has been trailing its sights on various organizations based in countries surrounding the South China Sea. As it turns out, the group has been active since at least 2018 and targeted eight known victims, mostly military and government entities, in support of Chinese interests so far.…
Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.
Threat Actor: None identified.
Victim: Atlassian.
Key Point :
The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…