No one is safe from scams, especially targeted scams that are designed using social engineering techniques. Targeted scams, unlike individual-targeted phishing or investment frauds, are carefully crafted attack scenarios based on pre-collected information about the target. These attacks, such as business email compromise (BEC) and spear phishing emails, are difficult for the victim organization to recognize as scams.…
Read More

Published On : 2024-05-03

EXECUTIVE SUMMARY

The team at CYFIRMA recently intercepted Android malware suspected to have been delivered by a Pakistan-based APT group targeting Indian defense personnel. Surprisingly, the campaign has been active for over a year. The unidentified threat actor possibly utilized Spynote, or its modified version known by Craxs Rat, obfuscating the app with a high level of complexity, making it difficult to understand.…

Read More

Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery

APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.…

Read More

Summary: The UK’s National Cyber Security Centre (NCSC) has launched a new initiative called Advanced Mobile Solutions (AMS) to enhance cyber-resilience for organizations targeted by nation-state threats on their mobile infrastructure.

Threat Actor: Nation-state threat actors | nation-state threat actors Victim: High-threat organizations | high-threat organizations

Key Point :

The NCSC’s Advanced Mobile Solutions (AMS) risk model aims to protect against the targeting of consumer-grade devices by commercial spyware, which can serve as a gateway for sophisticated threat actors to access corporate systems and data.…
Read More

Summary: The content discusses the increase in the exploitation of vulnerabilities as an initial access step for a breach, highlighting the significant growth between 2022 and 2023.

Threat Actor: Cybercriminals | Cybercriminals Victim: Organizations | Organizations

Key Point :

The exploitation of vulnerabilities as an initial access step for a breach increased by 180% between 2022 and 2023, accounting for 14% of malicious actors’ way into a network.…
Read More

Summary: A hacking group linked to Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, targeting organizations such as The Washington Post and prominent think tanks.

Threat Actor: APT42 | APT42 Victim: Various news organizations and think tanks including The Washington Post, The Economist, and the Aspen Institute.…

Read More

Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…

Read More

Summary: A social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages disguised as job interviews to trick them into downloading a Python backdoor. The campaign is linked to North Korean threat actors.

Threat Actor: North Korean threat actors | North Korean threat actors Victim: Software developers | software developers

Key Point :

An ongoing social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages under the guise of a job interview.…
Read More

Key Points

Escalated tensions between Iran and Israel could give rise to cyber threats. Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in Iran, and Predatory Sparrow in Israel. Iranian-affiliated APTs utilize a wide array of TTPs, including spearphishing and drive-by compromise, to significantly expand the attack surface for companies with ties to Israel or Israeli vendors.…
Read More

Published On : 2024-04-26

EXECUTIVE SUMMARY:

At Cyfirma, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Fletchen stealer, an information stealing malware crafted with advanced functionalities and anti-analysis defense.…

Read More
Securonix Threat Research Security Advisory – Fast Track/Early-Warning Coverage Advisory (FCA) By Securonix Threat Research: D.Iuzvyk, T. Peck, O.Kolesnikov

Apr 24, 2024

tldr:

The Securonix Threat Research Team has been monitoring a new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT.…

Read More

Summary: The content discusses the risks associated with employee use of generative AI (GenAI) and the potential data leaks it can cause. It also highlights the concerns of UK CISOs regarding the use of GenAI by threat actors.

Threat Actor: N/A

Victim: UK companies

Key Point :

One in five UK companies has had potentially sensitive corporate data exposed due to employee use of generative AI (GenAI).…
Read More

Summary: The U.S. Treasury Department has sanctioned four Iranian nationals and two front companies for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.

Threat Actor: Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) | IRGC-CEC Victim: U.S. government, defense contractors, and private companies | U.S.…

Read More

In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not an issue unique to the US or to that time period, of course; in the UK, where handguns are now strictly regulated, criminals often resort to reactivated, or even home-made or antique, firearms.…

Read More

Threat Actor: Chinese keyboard apps | Chinese keyboard apps Victim: Users of Baidu, Tencent, iFlytek, Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi | users of Chinese keyboard apps Price: Not specified Exfiltrated Data Type: Keystrokes

Additional Information:

Massive Impact: Up to a billion users could be affected by the security flaws in Chinese keyboard apps from Baidu, Tencent, iFlytek, and popular phone brands used across China (Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi).…
Read More
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi  Initial access to the ESXi infrastructure1 is typically gained through lateral movement using valid credentials eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which can be devastating for organizations

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. …

Read More

Summary: Researchers at SafeBreach discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files, even after both vendors claim to have patched the problem.

Threat Actor: N/A

Victim: Microsoft and Kaspersky

Key Point:

Researchers found that Microsoft Defender and Kaspersky’s Endpoint Detection and Response (EDR) can be manipulated to detect false positive indicators of malicious files and delete them.…
Read More