Key Points:

Avast discovered a new campaign targeting specific individuals through fabricated job offers.
Avast uncovered the full attack chain, from the initial infection vector to deployment of the "FudModule 2.0" rootkit, which relied on a 0-day Admin -> Kernel exploit.
Avast found a previously undocumented Kaolin RAT which, aside from standard RAT functionality, can change the last write timestamp of a selected file and load any DLL binary received from the C&C server.…
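The timestamp manipulation attributed to Kaolin RAT above is classic timestomping. The following Python is an added example (not Avast's code and not the RAT's) that shows why the technique leaves a trace on a POSIX file system: utime() lets a process back-date a file's modification time, but the kernel stamps the inode change time (ctime) with the current clock on that very call, and user space cannot set ctime. A file whose mtime lies far before its ctime has therefore had its mtime rewritten after the fact. The example assumes POSIX semantics; on NTFS the equivalent check compares $STANDARD_INFORMATION against $FILE_NAME timestamps in the MFT, which this code does not do.

```python
import os
import tempfile
import time


def timestomp(path: str, epoch_seconds: float) -> None:
    """Back-date a file the way a timestomping tool does: utime() sets atime and
    mtime to whatever the caller chooses (SetFileTime is the Windows analogue)."""
    os.utime(path, (epoch_seconds, epoch_seconds))


def mtime_ctime_skew(path: str) -> float:
    """Seconds by which the inode change time (ctime) is later than mtime."""
    st = os.stat(path)
    return st.st_ctime - st.st_mtime


def looks_timestomped(path: str, slack_seconds: float = 60.0) -> bool:
    """A legitimate write updates mtime and ctime together, so they stay close.
    After utime() the kernel moves ctime to 'now' while mtime holds the forged
    value, so mtime predating ctime by more than `slack_seconds` is suspect.
    Assumption: POSIX ctime semantics (on Windows st_ctime is creation time)."""
    return mtime_ctime_skew(path) > slack_seconds


def demo() -> tuple:
    """Create a constructed sample file, back-date it three years, and return the
    detector's verdict (before, after)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed sample file, not a real artefact\n")
        path = f.name
    try:
        before = looks_timestomped(path)
        timestomp(path, time.time() - 3 * 365 * 86400)
        after = looks_timestomped(path)
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The slack of 60 seconds absorbs clock granularity and the gap between a write and a later chmod; on a real triage you would run the check over a directory tree and sort by skew, since a benign restore from backup can also produce a large gap and needs to be ruled out by other evidence.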

Summary: As part of an international operation called PhishOFF and Nebulae, 37 individuals have been arrested in connection with the cybercrime service LabHost, which was used to steal personal credentials through phishing attacks targeting banks and high-profile organizations.

Threat Actor: LabHost

Victim: Multiple victims worldwide

Key Point:

LabHost, one of the largest Phishing-as-a-Service (PhaaS) providers, offered phishing pages targeting banks, high-profile organizations, and service providers primarily in Canada, the U.S.,…
Introduction

To enhance our threat intelligence, improve detection and identify new threats, Sekoia.io analysts perform continuous hunting and detection engineering every day to give our customers more options to protect themselves. The Sekoia.io Threat Detection & Research (TDR) team is responsible for populating our SOC platform with detection rules and CTI.…


Summary: Employee fraud in the UK increased due to remote working and financial pressures, according to Cifas. The number of individuals engaging in dishonest actions for personal gain grew by 14% in 2023, with reduced supervision and increased opportunities being key factors.

Threat Actor: Insider threats

Victim: Organizations

Key Point:

Employee fraud in the UK increased by 14% in 2023, with the most common reason being dishonest actions for personal gain.…

Summary: This blog post discusses a threat actor that used malvertising and DNS tunneling to distribute a backdoor named "MadMxShell" to IT professionals in IT security and network administration roles. The post provides details on the attack chain, a technical analysis of the backdoor, infrastructure details, observed commands, indicators of compromise (IOCs), and coverage by Zscaler's security platform.…
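DNS tunneling of the kind MadMxShell used for C2 carries data inside query names, which leaves a measurable footprint at the resolver even when the payload itself is opaque. Below is an added example (not Zscaler's code and not the malware's) of per-domain profiling over a constructed resolver log: a registrable domain that receives many unique, long, high-entropy leftmost labels is flagged, while a CDN with many short hostnames is not. Domains, client IPs, query format and thresholds are assumptions for illustration, and the registrable-domain split is a naive last-two-labels rule rather than a public-suffix list.

```python
import hashlib
import math
from collections import defaultdict

# Constructed resolver log, one query per line: "client qname qtype". Not real traffic.
BENIGN = [f"10.0.0.{i % 3 + 1} {host}.example.com A"
          for i, host in enumerate(["www", "mail", "cdn", "www", "www", "mail"])]
# A CDN with many short hostnames: many unique subdomains, nothing encoded in them.
CDN = [f"10.0.0.7 img{i}.cdn-example.org A" for i in range(1, 10)]
# Tunnel-style traffic: each query smuggles a data chunk in its leftmost label, so
# every name is unique, long and high-entropy. SHA-256 hex stands in for the
# encoded chunk (assumption; real tunnels use base32/base64-like alphabets).
TUNNEL = [f"10.0.0.9 {hashlib.sha256(b'chunk%d' % i).hexdigest()}.c2-lookup.example.net TXT"
          for i in range(8)]
SAMPLE_LOG = BENIGN + CDN + TUNNEL


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain labels, registrable domain). Assumption: the registrable
    domain is the last two labels; a real tool would consult the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def profile(log_lines):
    """Aggregate per registrable domain: query count, unique subdomains, mean length
    of the leftmost label (where tunnels put their data) and its entropy."""
    acc = defaultdict(lambda: {"queries": 0, "subdomains": set(), "payload": []})
    for line in log_lines:
        _client, qname, _qtype = line.split()
        sub, domain = split_name(qname)
        entry = acc[domain]
        entry["queries"] += 1
        if sub:
            entry["subdomains"].add(".".join(sub))
            entry["payload"].append(sub[0])
    result = {}
    for domain, entry in acc.items():
        labels = entry["payload"]
        result[domain] = {
            "queries": entry["queries"],
            "unique_subdomains": len(entry["subdomains"]),
            "mean_label_len": sum(map(len, labels)) / len(labels) if labels else 0.0,
            "entropy": shannon_entropy("".join(labels)),
        }
    return result


def flag_tunnels(log_lines, min_unique=5, min_len=25, min_entropy=3.5):
    """Flag domains with many distinct subdomains whose leftmost labels are either
    long or high-entropy. Thresholds are illustrative and need tuning per network."""
    flagged = []
    for domain, m in profile(log_lines).items():
        if m["unique_subdomains"] >= min_unique and (
            m["mean_label_len"] >= min_len or m["entropy"] >= min_entropy
        ):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for domain, m in profile(SAMPLE_LOG).items():
        print(domain, m)
    print("flagged:", flag_tunnels(SAMPLE_LOG))
```

The unique-subdomain count alone is a poor signal (the CDN scores 9 here), which is why the rule also requires long or high-entropy labels; in production you would additionally weight TXT and NULL query types and the ratio of NXDOMAIN answers, both of which tunnels tend to inflate.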


Summary: Cybersecurity researchers have discovered a new campaign that exploits a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.

Threat Actor: Unknown (campaign tracked as Connect:fun)

Victim: Unnamed media company

Key Point:

A new campaign called Connect:fun is exploiting a critical SQL injection flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.…

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

LabHost takedown

On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost.…


Date Reported: 2024-04-15

Country: France (FRA)

Victim: Le Slip Français | leslipfrancais.fr

Additional Information:

Le Slip Français, a company specialising in the sale of underwear, fell victim to a cyberattack on April 15th. The attack resulted in the theft of some of its customers' personal data, although neither passwords nor payment card information were compromised.…
Summary

This report details the resurgence of the LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus on political targets and tensions in the region.

Beyond our findings, the echoes of concern reach further. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country.…

Key findings:

The group is targeting various countries around the world in addition to its priority region of Latin America.
It uses long infection chains that incorporate a variety of tools and malware: AgentTesla, FormBook, Remcos, LokiBot, GuLoader, SnakeKeylogger, XWorm, and others.
The group uses compromised legitimate FTP servers for C2, and SMTP servers for both C2 and phishing.…

Summary: The World Cybercrime Index reveals that Russia is the top hub for digital threat actors and the most significant source of global cybercrime, followed by Ukraine, China, the United States, Nigeria, and Romania.

Threat Actor: Russia, Ukraine, China, United States, Nigeria, Romania

Victim: N/A

Key Point:

Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide.…

Summary: Test files associated with the XZ Utils backdoor have been found in the Rust crate liblzma-sys, which has been downloaded over 21,000 times. The backdoor was discovered in late March and allowed for remote code execution through manipulation of the Secure Shell Daemon (sshd).

Threat Actor: Unknown

Victim: Rust developers using the liblzma-sys crate

Key Point:

Test files associated with the XZ Utils backdoor were found in the liblzma-sys crate, which has been downloaded over 21,000 times.…

Threat Actor: Credential stuffing attackers

Victim: Roku

Price: N/A

Exfiltrated Data Type: User account information

Additional Information:

Roku announced that 576,000 accounts were compromised in credential stuffing attacks, in which threat actors replayed username and password pairs stolen from third-party platforms. In an earlier breach, unauthorized actors had accessed around 15,000 user accounts.…
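Credential stuffing is hard to catch per account because the replayed passwords are valid: the victim accounts see a single successful login, not a burst of failures. The usable signal is at the source: one IP (or one IP range, user agent or device fingerprint) touching many distinct accounts with a high failure rate, because most leaked pairs no longer work. The Python below is an added example (not Roku's detection logic) that runs that rule over a constructed authentication log, separates it from single-account brute force, and lists the accounts whose login from a flagged source succeeded, which is the takeover list an incident responder needs. IPs, usernames, timestamps and thresholds are all assumptions for illustration.

```python
from collections import defaultdict

ATTACK_IP = "198.51.100.77"   # assumed attacker source, for illustration only


def _build_sample_log():
    """Constructed auth log, one event per line: "timestamp ip username result".
    Not real Roku data."""
    lines = [
        "2024-04-12T03:00:01Z 203.0.113.5 alice FAIL",   # typo, then success: normal user
        "2024-04-12T03:00:09Z 203.0.113.5 alice OK",
        "2024-04-12T03:01:30Z 203.0.113.6 bob OK",
    ]
    # Brute force: one account, many guesses from one IP (a different pattern).
    lines += [f"2024-04-12T03:02:{i:02d}Z 192.0.2.10 eve FAIL" for i in range(12)]
    # Credential stuffing: one IP walks a leaked list, one attempt per account.
    # Two of the leaked pairs still work; those are the account takeovers.
    for i in range(20):
        user = {5: "carol", 13: "dave"}.get(i, f"user{i:02d}")
        result = "OK" if user in ("carol", "dave") else "FAIL"
        lines.append(f"2024-04-12T03:10:{i:02d}Z {ATTACK_IP} {user} {result}")
    return lines


SAMPLE_AUTH_LOG = _build_sample_log()


def parse(line: str):
    """Split one event into (timestamp, ip, username, success)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result == "OK"


def per_ip_stats(lines):
    """Per source IP: attempts, failures, successes and number of distinct accounts."""
    acc = defaultdict(lambda: {"attempts": 0, "failures": 0, "successes": 0, "users": set()})
    for line in lines:
        _ts, ip, user, ok = parse(line)
        s = acc[ip]
        s["attempts"] += 1
        s["users"].add(user)
        s["successes" if ok else "failures"] += 1
    return {
        ip: {"attempts": s["attempts"], "failures": s["failures"],
             "successes": s["successes"], "distinct_users": len(s["users"])}
        for ip, s in acc.items()
    }


def flag_credential_stuffing(lines, min_attempts=10, min_distinct=8, min_fail_ratio=0.8):
    """A source is stuffing when it is busy, spreads across many accounts and mostly
    fails. Brute force against one account fails the distinct-users test; a normal
    user fails the attempt-count test. Thresholds are illustrative."""
    flagged = []
    for ip, s in per_ip_stats(lines).items():
        fail_ratio = s["failures"] / s["attempts"]
        if (s["attempts"] >= min_attempts and s["distinct_users"] >= min_distinct
                and fail_ratio >= min_fail_ratio):
            flagged.append(ip)
    return sorted(flagged)


def compromised_accounts(lines, **thresholds):
    """Accounts that authenticated successfully from a flagged source: the takeover
    list to force-reset and notify."""
    bad_ips = set(flag_credential_stuffing(lines, **thresholds))
    taken = set()
    for line in lines:
        _ts, ip, user, ok = parse(line)
        if ok and ip in bad_ips:
            taken.add(user)
    return sorted(taken)


if __name__ == "__main__":
    print("stuffing sources:", flag_credential_stuffing(SAMPLE_AUTH_LOG))
    print("accounts to reset:", compromised_accounts(SAMPLE_AUTH_LOG))
```

Real stuffing campaigns spread attempts over proxy pools so that no single IP crosses the threshold; the same aggregation then has to key on a device fingerprint, ASN or JA3/TLS fingerprint instead of the raw IP, and the distinct-account ratio stays the discriminating feature.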