Table of contents Introduction

Scattered Spider (aka UNC3944, Scatter Swine, Muddled Libra, Octo Tempest, Oktapus, StarFraud) is a lucrative intrusion set active since at least May 2022, primarily engaged in social engineering, ransomware, extortion campaigns and other advanced techniques.

The intrusion set employs state-of-the-art techniques, particularly related to social engineering, such as impersonation of IT personnel to deceive employees for targeted phishing, SIM swapping, leverage of MFA fatigue, and contact with victims’ support teams.…

Read More

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred.…

Read More

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the Azure attack and offers suggestions that affected organizations can implement to protect themselves from it.…

Read More
10 Billion Attacks Blocked in 2023, Qakbot’s Resurrection, and Google API Abused Foreword

Welcome to the new edition of our report. As we bid farewell to the year 2023, let’s briefly revisit the threat landscape that defined the past year. In 2023, the overall number of unique blocked attacks surged, reaching an unprecedented milestone of more than 10 billion attacks and a remarkable 49% increase year-over-year.…

Read More

Key Findings A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases.…
Read More

ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group.…

Read More
“Scammers Paradise” —Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Over the last few years, the phishing ecosystem has been “democratized. “ There was a time when kits, infrastructure, and know-how, were available only on invite-only forums in the Dark web, hidden behind Tor Onion networks.…

Read More
Authors: Christopher Kim, Randy McEoin Executive Summary

While cybercriminals are often portrayed as gangs of hackers or lone brilliant coders, more often they buy and sell goods and services as part of a larger criminal economy. For example, some actors sell malware services, and malware-as-a-service (MaaS) allows buyers easy access to the infrastructure necessary to commit crimes.…

Read More
What is Infamous Chisel?

Infamous Chisel is a collection of surveillance tooling used to target Android devices. It was first reported by the Ukrainian Security Service (SBU) in early August 2023 and attributed to Russia’s Sandworm APT. According to the SBU, the main purpose of this toolset was to collect information from Android devices likely connected to Ukrainian military information systems during the Russia-Ukraine war.…

Read More

Summary: TOTP (Time-Based One-Time Password) is a common two-factor authentication method that generates time-sensitive passcodes. However, it has become outdated and vulnerable to brute force attacks. In this article, the author discusses the security risks of TOTP and suggests alternative 2FA methods to enhance security.

Key Points: * TOTP is a simple and widely used 2FA method that lacks complexity in its implementation.…

Read More

One hacker collective continues to confound federal law enforcement and cybersecurity experts — the Scattered Spider. Known by a multitude of aliases such as Muddled Libra, UNC3944, Starfraud, and Octo Tempest, this hacking group has not only infiltrated major corporate networks like MGM Resorts and Caesars Entertainment but has done so with a bold audacity that leaves many wondering.…

Read More
Masterminds of Tech Excellence in the World of Cybercrime

Resecurity has uncovered a cybercriminal group known as “GXC Team“, which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder“, made multiple announcements on the Dark Web.…

Read More
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More
Executive Summary

The United States Postal Service (USPS) has taken center stage as this season’s phishing craze. Since July, there has been a remarkable increase in SMS phishing attacks, often called smishing, fueled by the availability of a toolkit on the dark market. The attacks have impacted all forms of text messaging, from iMessage to Android, and all major carriers.…

Read More
Severity

High

Analysis Summary

APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.…

Read More

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds.

Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information to blackmail them, and in the end gain their funds.…

Read More