Tag: MDR
Keypoints:
Attackers exploit user trust by using platforms like YouTube to share fake installer links.…

Threat Actor: CryptBot Operators | CryptBot Operators
Victim: Users of Cracked Software | users of cracked software
Key Point:
CryptBot is primarily distributed through fake cracked software and Pay-Per-Install solutions like PrivateLoader.…

Key Points:
The operation involves a clandestine group amassing authentic identity documents and corresponding facial images.…

Summary:
Kaspersky’s GERT team uncovered a cyber incident involving the exploitation of a known Fortinet vulnerability (CVE-2023-48788) leading to unauthorized access and deployment of remote access tools. The incident highlights the importance of timely patching and monitoring of exposed systems. #CyberSecurity #VulnerabilityManagement #IncidentResponse
Keypoints:
Attackers exploited a patched Fortinet vulnerability (CVE-2023-48788) to infiltrate a company’s network.…

Summary:
The recent disruption of the Rockstar2FA phishing-as-a-service platform has led to the emergence of a similar service called FlowerStorm, which displays striking similarities to its predecessor. The transition highlights ongoing challenges in the phishing landscape as operators adapt to technical setbacks. #Phishing #CyberSecurity #FlowerStorm
Keypoints:
Rockstar2FA, a phishing-as-a-service platform, experienced a significant infrastructure collapse in November.…

Summary:
Rapid7’s analysis uncovered a sophisticated multi-stage attack exploiting Cleo software, utilizing a Java-based Remote Access Trojan (RAT) for reconnaissance and data exfiltration. #CleoExploitation #JavaRAT #CyberThreats
Keypoints:
A novel multi-stage attack was identified targeting Cleo software, deploying an encoded Java Archive (JAR) payload. The attack involves a modular Java-based Remote Access Trojan (RAT) for system reconnaissance and file exfiltration.…

### #BulletproofHosting #Proton66 #MaliciousInfrastructure
Summary: This report investigates the connections between the Russian autonomous systems PROSPERO and Proton66, highlighting their involvement in various cybercriminal activities, including malware distribution and phishing campaigns. The findings suggest a sophisticated network of bulletproof hosting services facilitating these malicious operations.
Threat Actor: Proton66 | Proton66
Victim: Various individuals and organizations | phishing victims
Key Point:
PROSPERO and Proton66 share similar network configurations and peering agreements, indicating a strong operational link.…

Summary: Lumifi has announced its acquisition of Critical Insight, marking its third acquisition in 13 months, which enhances its incident response capabilities and strengthens its position in the healthcare and critical infrastructure cybersecurity sectors. This strategic move aims to meet the growing demand for advanced cybersecurity solutions as cyber attacks in the healthcare sector increase.…

Summary: Sophos X-Ops reported a series of attacks exploiting a vulnerability in Veeam backup servers, leading to the deployment of new ransomware variants, including a previously undocumented one named “Frag.” This activity is part of a threat cluster identified as STAC 5881, which has also involved the Akira and Fog ransomware families.…

Summary: GootLoader has evolved from a tool used by cybercriminals into an initial-access-as-a-service platform, facilitating the deployment of information stealers and ransomware through SEO poisoning techniques. Recent investigations have uncovered a new variant of GootLoader, showcasing its sophisticated methods of delivering malicious payloads via compromised websites.…

Summary:
Ransomware gangs, particularly the Black Basta group, utilize PowerShell and other native tools to stealthily infiltrate networks and deploy attacks. By employing techniques such as obfuscation and encryption, they can execute malicious scripts while avoiding detection. Recent findings highlight the importance of vigilant monitoring to identify such threats.…

Summary:
GootLoader has evolved into an initial-access-as-a-service platform, primarily used by cybercriminals to deliver GootKit, a sophisticated info stealer and remote access Trojan. Utilizing SEO poisoning techniques, GootLoader entices victims to download malicious payloads disguised as legitimate files, leading to further exploitation and potential ransomware deployment.…

Summary: Socure is set to acquire Effectiv for $136 million to enhance its identity verification and onboarding processes, aiming to streamline services and boost revenue. The integration will allow Socure to offer a unified platform experience, improving customer workflows and security protocols.
Threat Actor: Socure | Socure
Victim: Effectiv | Effectiv
Key Point:
Socure’s acquisition of Effectiv aims to enhance enterprise-grade identity verification tools and improve customer experience.…