Key Points
Escalated tensions between Iran and Israel could give rise to cyber threats.Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in Iran, and Predatory Sparrow in Israel.Iranian-affiliated APTs utilize a wide array of TTPs, including spearphishing and drive-by compromise, to significantly expand the attack surface for companies with ties to Israel or Israeli vendors.…Tag: MONITOR
Published On : 2024-04-26
EXECUTIVE SUMMARYAt CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team have identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which executes a stealthy Monero (XMR) crypto miner as the final payload.…
Key TakeawaysA new Android Banking Trojan, “Brokewell”, was identified as distributing via a fake Chrome Update phishing site.
The malware’s development is attributed to the developer, “Baron Samedit,” who manages the “Brokewell Cyber Labs” project.
Utilizing Gitea, the malware developer hosts the Brokewell Android Loader project repository and shares underground forum links related to their profile. …
Read More
Introduction
Read More Zscaler ThreatLabz researchers recently encountered a significant number of websites associated with fraudulent activities being hosted on popular web hosting and blogging platforms. Threat actors intentionally create these sites to spread malware by using the proliferation of web hosting platforms to manipulate search engine results – something called SEO poisoning, a subset of Black Hat SEO techniques.…
Summary: Cisco has warned that a state-backed hacking group has been exploiting two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide.
Threat Actor: UAT4356 | UAT4356 Victim: Government networks worldwide | government networks
Key Point :
A state-backed hacking group, UAT4356, has been exploiting two zero-day vulnerabilities in Cisco’s ASA and FTD firewalls to breach government networks worldwide.…
Securonix Threat Research Security Advisory – Fast Track/Early-Warning Coverage Advisory (FCA)
By Securonix Threat Research: D.Iuzvyk, T. Peck, O.Kolesnikov
Read More Apr 24, 2024
tldr:The Securonix Threat Research Team has been monitoring a new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT.…
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched; using up-to-date hardware and software versions and configurations; and be closely monitored from a security perspective.…
On April 3, 2024, a newly discovered ransomware group surfaced as Senior Threat Analyst Rakesh Krishnan shed light. Known as Red CryptoApp, this group began its operations between February and March, coinciding with the dismantling or retreat of Lockbit and ALPHV.
Red Ransomware Group’s Wall of Shame
Who is Red RansomwareRed Ransomware or Red CryptoApp, a fresh ransomware group, surfaced in March 2024 and promptly revealed the data of 11 victims on its Data Leak Site (DLS), along with announcing an additional victim.…
By Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
tldr:The Securonix Threat Research team (STR) observed an interesting attack campaign which leveraged SSLoad malware and Cobalt Strike implants resulting in the attackers being able to pivot and take over the entire network domain.
SSLoad malware was the primary vector deployed by threat actors during the FROZEN#SHADOW campaign along with Cobalt Strike and ScreenConnect RMM (remote monitoring and management) software.…
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not an issue unique to the US or to that time period, of course; in the UK, where handguns are now strictly regulated, criminals often resort to reactivated, or even home-made or antique, firearms.…
In this blog entry, we discuss Trend Micro’s contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.
Last April 2023, the International Criminal Police Organization (Interpol) requested any indicators of compromise (IOCs) or information related to the banking trojan Grandoreiro, specifically for command-and-control (C&C) servers.…
Key PointsAvast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers
Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved
The campaign was orchestrated by a threat actor with possible ties to Kimsuky
Two different types of backdoors have been discovered, targeting large corporate networks
The final payload distributed by GuptiMiner was also XMRigIntroduction
Read More We’ve been tracking a curious one here.…
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation.
However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.…
Curated list of bookmarks that are usefulf or OSINT activities. They are broken down into appropriate categories such as:
Search EnginesServices ListsLeak Sites (to monitor if yours or your organisations information may be exposed)Chat & File SharingThe file is designed to be imported into your TOR bookmarks manager (you need TOR browser installed) using the following method:
Download & Unzip the file above.…We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it.…
Privileged Access Management (PAM) is a critical aspect of information security that focuses on controlling, managing, and monitoring the access and activities of privileged users within an IT environment. Privileged users include administrators, superusers, and accounts with elevated rights that allow them to perform sensitive tasks, such as configuring system settings, managing network devices, modifying user accounts, and accessing confidential information.…
Email Security Appliances (ESAs) are hardware or software solutions designed to protect an organization’s email system from a wide range of email-based threats. These appliances play a crucial role in securing inbound and outbound emails by filtering spam, blocking malware, preventing phishing attacks, and ensuring that sensitive information is safeguarded.…
“There are too many firewall features available today; I am using Cisco ASA as an example for this firewall topic.” Cisco ASA is a versatile network security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. Cisco ASA is designed to protect networks and ensure secure communications and data transfer.…
AhnLab Security Intelligence Center (ASEC) has recently confirmed cases of the TargetCompany ransomware group installing Mallox ransomware on MS-SQL servers.The TargetCompany ransomware group primarily targets poorly managed MS-SQL servers to install Mallox ransomware.These attacks have been ongoing for years, but this analysis focuses on the newly discovered malicious code and its connection to previous attacks involving Tor2Mine coin miners and BlueSky ransomware.…
Read More Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.
OpenMetadata is an open-source platform designed to manage metadata across various data sources.…