More than a week after it suffered a crippling ransomware attack, the hotel giant MGM is struggling to recover. The attack, linked to the ransomware-as-a-service (RaaS) group known as ALPHV, or BlackCat, caused slot machines and ATMs in MGM’s Las Vegas hotels to go dark and forced hotel staff to revert to pencil and paper while guests queued for hours in lines to check in and out of their rooms.  …

Read More

Executive Summary 

EclecticIQ analysts identified a cyber espionage campaign where threat actors used a variant of HyperBro loader with a Taiwan Semiconductor Manufacturing (TSMC) lure, likely to target the semiconductor industry in Mandarin/Chinese speaking East Asian regions (Taiwan, Hong Kong, Singapore). Operational tactics, techniques, and procedures (TTPs) overlap with previously reported activities attributed to People’s Republic of China (PRC) backed cyber espionage group. …

Read More

Published On : 2023-09-29

EXECUTIVE SUMMARY

At CYFIRMA, our commitment is to furnish you with the latest insights into prevalent threats and strategies employed by malicious actors, aiming at both organizations and individuals. This report provides a comprehensive analysis of “The-Murk-Stealer;” an open-source stealer, shedding light on its functionalities and capabilities.…

Read More

The following write-up and analysis is thanks to Matthew Brennan, Harlan Carvey, Anthony Smith, Craig Sweeney, and Joe Slowik. 

Background

Huntress periodically performs reviews of identified incidents for pattern analysis, and leverages open and closed sources of intelligence to engage in threat hunting operations. At times, a combination of these activities—reviewing what we have already remediated and what we learn from external sources—reveals an overlap in adversary operations against Huntress partners and clients.…

Read More
Key takeaways Cyble Research and Intelligence Labs (CRIL) recently came across a new stealer called “Exela”. Exela is a Python-based open-source stealer that steals a wide range of sensitive information from compromised systems. It features an extensive array of anti-debugging and anti-virtual machine (VM) techniques, making it a potent tool for Threat Actors (TAs).…
Read More
Introduction

In a recent disturbing development, software advertised as legitimate has become the weapon of choice for cybercriminals. Two notable examples of this behavior are the Remcos RAT (remote administration tool) and GuLoader (also known as CloudEyE Protector).

These programs, which are positioned as legitimate tools, are constantly used in attacks and occupy top positions in the most prevalent malware rankings.…

Read More

Crypto fraud has become the dominant form of Internet-based confidence schemes over the past three years, as demonstrated by the sha zhu pan (“pig butchering”) scams we recently investigated. But one variant has been growing at a particularly rapid pace: fake “liquidity mining.” Sophos X-Ops has also seen growth in crypto phishing sites that connect to cryptocurrency wallets while impersonating cryptotrading-related brands in other types of scams, but these sites are often used by sha zhu pan scammers to separate victims from their money.…

Read More

Published On : 2023-09-17

EXECUTIVE SUMMARY

At Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this analysis, we delve into a trending information stealer RedLine. This investigation reveals a novel strain of malware that is being disseminated in the guise of a counterfeit document, packaged within a zip archive that houses a batch script file.…

Read More

On August 29, 2023, Retool notified 27 cloud customers that there had been unauthorized access to their accounts. If you’re reading this and you were not notified, don’t worry – your account was not impacted. There was no access to on-prem or managed accounts. Nevertheless, here’s what happened, with the hope that this will help apply the lessons we’ve learned and prevent more attacks across the industry.…

Read More

Authored by Yashvi Shah

Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.…

Read More
Investigating the Senders

Using Microsoft Purview’s eDiscovery tool we searched for the senders (participants) in Microsoft Teams.

The senders of the external Microsoft Teams chat messages were identified as “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co). Truesec Threat Intelligence confirmed the accounts were compromised via an unknown malware and put up for sale on the Dark Web in August 2023.…

Read More

Hàng tháng, Chúng tôi – GTSC tổng hợp lại các thông tin về bảo mật về APT, Malware, CVEs và gói gọn nó vào trong một bài tổng hợp.

1.1     Chimera Group

NCC Group và Fox-IT đã và đang theo dõi một nhóm tấn công với nhiều mục tiêu đa dạng, từ các sở hữu trí tuệ (IP) của các nạn nhân trong ngành công nghiệp chất bán dẫn cho đến dữ liệu từ ngành công nghiệp hàng không.…

Read More

A burgeoning attack involving Google Looker Studio is making the rounds. In the last few weeks, we’ve seen over a hundred of these attacks.

Google Looker Studio is a tool that converts information—slideshows, spreadsheets, etc—into visualized data, such as charts and graphs.

Hackers are utilizing it to create fake crypto pages that are designed to steal money and credentials.…

Read More

Estimated reading time: 3 minutes

Overview

In the 1990s, as the internet gained popularity, cybercriminals started developing and distributing basic forms of malware, including password stealers. Early stealer malware primarily targeted login credentials and passwords for online services and email accounts. As technology advanced, so did the capabilities of stealer malware.…

Read More