Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
Summary: A major telecommunications company in Asia suffered a breach by Chinese state-sponsored hackers known as Weaver Ant, who maintained a prolonged presence in their systems for over four years. The attackers employed advanced techniques, including the use of web shells and a unique tool dubbed INMemory, to facilitate cyber espionage and maintain access to sensitive data.…
Read More
Summary: K7 Labs recently analyzed cyber tactics utilized by the North Korean APT group Kimsuky, shedding light on their use of malicious scripts and payloads in recent campaigns. The analysis reveals a sophisticated infection chain designed to exfiltrate sensitive information while evading detection. Key tactics include phishing, malware infections, and the use of dynamic obfuscation techniques to bypass security measures.…
Read More
Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
Read More
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
The article discusses the evolution of the Lazarus group, indicating that it has now transformed into a collection of subgroups rather than a single entity. It emphasizes the importance of understanding these subgroups, their tactics, and their individual characteristics for effective cyber defense strategies. Affected: Japan, cryptocurrency sector, defense industry, aviation industry

Key points:

The term “Lazarus” has evolved from a singular APT group to multiple subgroups.…
Read More
China Chopper & INMemory: Weaver Ant’s Arsenal of Advanced Web Shells
Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group utilized complex methods, including web shell tunneling and advanced evasion techniques, to maintain persistent access for espionage purposes. Their persistent approach integrated multiple web shell types and various stealth techniques, demonstrating high adaptability and evasion from detection mechanisms.…
Read More
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics targeting critical defenses. Notably, attacks have leveraged AI, and a supply chain breach at Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.…
Read More
Technical Advisory: Mass Exploitation of CVE-2024-4577
In June 2024, Bitdefender Labs highlighted a critical security vulnerability (CVE-2024-4577) in PHP affecting Windows systems in CGI mode, allowing remote code execution through manipulated character encoding. This vulnerability has seen an increase in exploitation attempts, especially in Taiwan and Hong Kong, with attackers also modifying firewall settings to block known malicious IPs.…
Read More

🔴 RECONNAISSANCE:

RustScan == https://github.com/bee-san/RustScan
NmapAutomator == https://github.com/21y4d/nmapAutomator
AutoRecon == https://github.com/Tib3rius/AutoRecon
Amass == https://github.com/OWASP/Amass
CloudEnum == https://github.com/initstring/cloud_enum
Recon-NG == https://github.com/lanmaster53/recon-ng
AttackSurfaceMapper == https://github.com/superhedgy/AttackSurfaceMapper
DNSDumpster == https://dnsdumpster.com/

🔴 INITIAL ACCESS:

SprayingToolKit == https://github.com/byt3bl33d3r/SprayingToolkit
o365Recon == https://github.com/nyxgeek/o365recon
Psudohash == https://github.com/t3l3machus/psudohash
CredMaster == https://github.com/knavesec/CredMaster
DomainPasswordSpray == https://github.com/dafthack/DomainPasswordSpray
TheSprayer == https://github.com/coj337/TheSprayer…
Read More
South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust Beacon
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, encompassed a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
Read More
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Read More
Rust Beacon Deploys Cobalt Strike in South Korean Cyber Intrusion Campaign
Summary: Hunt researchers have detected a sophisticated cyber intrusion campaign focusing on South Korean organizations, utilizing modified Cobalt Strike tools and various open-source exploitation tools. The attackers leveraged a publicly exposed web server to distribute their malware and gather intelligence on over 1,000 Korean domains, targeting government and commercial entities.…
Read More
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Read More
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Summary: A new advanced persistent threat (APT) group named UAT-5918 has been identified, targeting critical infrastructure and various sectors in Taiwan since 2023. Their tactics include gaining long-term access for information theft using web shells and open-source tools, leveraging known security flaws in outdated systems. Researchers associate their methods with other Chinese hacking groups and highlight a sophisticated approach to credential harvesting and data theft.…
Read More
10 Critical Network Pentest Findings IT Teams Overlook
Summary: After conducting over 10,000 automated internal network penetration tests, vPenTest identifies critical security gaps due to common misconfigurations, unpatched systems, and weak passwords. The analysis reveals that these vulnerabilities present significant risks that attackers can exploit easily, often resulting from simple oversights. The article outlines the ten most pressing internal network security risks and provides recommendations to mitigate them effectively.…
Read More
CERT-UA Warns of Cyber Espionage Against the Ukrainian Defense Industry Using DarkCrystal RAT
Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a cyber espionage campaign targeting the defense sector with the Dark Crystal RAT. This campaign involves the distribution of malicious archived files via Signal, designed to look like legitimate communications. The report highlights the persistent threat posed by the DCRat malware, which has evolved since its first appearance in 2018, with modular capabilities for various malicious actions.…
Read More
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…
Read More