Affected Platforms: Microsoft WindowsImpacted Users: Microsoft Windows UsersImpact: This loader has been used to load multiple RATs and info stealers, which can lead to compromised credentials and enable further malicious activitiesSeverity Level: Medium

Executive Summary

While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023.…

Read More

Threat actors of advanced capability seek to compromise network edge devices such as Ivanti systems to establish advanced footholds, from which to perform targeted reconnaissance identifying organizations with data of high value. Three vulnerabilities recently announced in Ivanti systems underscore the importance of layered security for internet-exposed systems.…

Read More

Victim: rajawali.com Country : ID Actor: lockbit3 Source: http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/post/mBIMu0vMBfy4MUCj65cbd0aba4648 Discovered: 2024-02-13 22:28:40.362981

Description: Rajawali Group is an Indonesia National Investment Holding Company operating in diverse industries covering plantation, mining, hotel and property (Sheraton, Luxury Collection, St Regis and Four Seasons), infrastructure, transportation (Express Taxi)… …

Read More

In late 2023, a new and distinct ransomware group named 3AM Ransomware emerged. It came to the forefront as a fallback for other ransomware, notably during failed deployments of the infamous LockBit ransomware and later their interesting choice in their website.

First reported by Symantec, the discovery and emergence of 3AM Ransomware marked a notable and interesting event in the cybercrime world.…

Read More

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred.…

Read More

Executive Summary 

EclecticIQ analysts observed that cybercriminals increased the delivery of the DarkGate loader following the FBI’s takedown of Qakbot infrastructure in August 2023 [1]. EclecticIQ analysts assess with high confidence that financially motivated threat actors, including groups like TA577 and Ducktail, along with Ransomware-as-a-Service (RaaS) organizations such as BianLian and Black Basta, primarily use DarkGate.…

Read More

Affected Platforms: FortiGateImpacted Users: Government, service provider, consultancy, manufacturing, and large critical infrastructure organizationsImpact: Data loss and OS and file corruptionSeverity Level: High

Executive Summary

The following supplementary research provides an analysis of the exploitation of resolved N-Day Fortinet vulnerabilities. “N-Day vulnerabilities” refer to known vulnerabilities for which a patch or fix is available but for which organizations have not yet resolved via patching.…

Read More
SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.…

Read More

AhnLab SEcurity intelligence Center (ASEC) previously uploaded the article “BlueShell Used in APT Attacks Against Korean and Thai Targets” [1] on the ASEC blog which introduced BlueShell malware strains that were used against Linux systems in Thailand and Korea. The threat actor customized the BlueShell backdoor malware for their attack, and configured the malware’s operating condition to only work in specific systems.…

Read More

Key FindingsA network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases.…
Read More
Key Takeaways Cyble Research and Intelligence Labs (CRIL) has uncovered an active malware campaign targeting cryptocurrency users.  In this campaign, the Threat Actors (TA) utilized deceptive websites posing as legitimate cryptocurrency applications, including Metamask, Wazirx, Lunoapp, and Cryptonotify.  All these malicious sites are distributing the same clipper payload – that CRIL has dubbed “XPhase Clipper” – designed to intercept and modify cryptocurrency wallet addresses copied by users. …
Read More

ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group.…

Read More

Mandiant Managed Defense has been tracking UNC4990, an actor who heavily uses USB devices for initial infection. UNC4990 primarily targets users based in Italy and is likely motivated by financial gain. Our research shows this campaign has been ongoing since at least 2020.

Despite relying on the age-old tactic of weaponizing USB drives, UNC4990 continues to evolve their tools, tactics and procedures (TTPs).…

Read More

ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to get a glimpse into the victimology.…

Read More

January 23, 2024

Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks

The recent ethnic rebel attacks in Myanmar have put the Myanmar junta and surrounding countries on high alert. Since October 2023, a rebel alliance called the Three Brotherhood Alliance (3BHA) has been attacking Myanmar’s military across its northern regions, reportedly seizing its junta outposts and military positions.…

Read More