Summary: The content discusses how the four major banks in Australia are constantly under attack from threat actors, with the aim of stealing sensitive information and money from customers.

Threat Actor: Unknown threat actors

Victim: ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac

Key Point:

The four major banks in Australia are under constant attack, with threat actors launching a barrage of attacks every minute of every day.…

Key Points

In June 2024, ReliaQuest responded to detections from an endpoint detection and response (EDR) tool signaling the beginning of a ransomware attack by the “Medusa” ransomware group that resulted in the encryption of various hosts in a customer environment. Since 2022, the Ransomware-as-a-Service (RaaS) group Medusa has targeted organizations in the technology, education, manufacturing, and healthcare sectors by taking advantage of unpatched vulnerabilities and hijacking legitimate accounts.…

Summary: Operation First Light 2024, orchestrated by Interpol, resulted in the arrest of thousands of suspects involved in online scams, the freezing of bank accounts, and the seizure of assets worth millions of dollars.

Threat Actor: Online scam networks

Victim: Various individuals and organizations targeted by online scams

Key Point:

Operation First Light 2024, led by Interpol, resulted in the arrest of 3950 suspects involved in online scams and the identification of 14,643 more.…

Summary: Three novel credential-phishing campaigns have emerged from state-sponsored actors, compromising at least 40,000 corporate users in just three months. These campaigns demonstrate an evolution in capabilities and can bypass controls such as multifactor authentication and URL filtering.

Threat Actor: State-sponsored actors

Victim: Corporate users

Key Point:

The campaigns, named LegalQloud, Eqooqp, and Boomer, use highly evasive and adaptive threat (HEAT) attack techniques to compromise corporate users.…

Summary: This article discusses the use of social engineering and phishing by scammers to deceive workers and IT help desk staff.

Threat Actor: Scammers

Victim: Workers and IT help desk staff

Key Point:

Federal authorities warn of social engineering and phishing techniques used by scammers to deceive workers and IT help desk staff.…

Summary: The European Union has sanctioned Russian state hackers, including two military officers, who were involved in “hack and leak” operations against Western governments.

Threat Actor: Russian state hackers

Victim: Western governments

Key Point:

The European Union has imposed sanctions on four Russian domestic intelligence agency hackers, including two military officers from the Federal Security Service.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently came across a malware campaign involving a malicious LNK file associated with the UAC-0184 threat actor group.

Previously, UAC-0184 targeted Ukrainian entities in Finland, utilizing the Remcos RAT in their operations.

In their latest campaign, there are signs suggesting the group may be focusing on Ukraine, using disguised lure documents to distribute the XWorm RAT. …

Summary: A new adware family called AdsExhaust is being distributed through a campaign that tricks users searching for the Meta Quest application into downloading it.

Threat Actor: AdsExhaust

Victim: Users searching for the Meta Quest application

Key Point:

The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.…

ModiLoader aka DBatLoader – Active IOCs (June 21, 2024)

Multiple IBM i and WebSphere Application Server Vulnerabilities (June 21, 2024)

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…


Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly due to major crackdowns on ransomware groups by security forces.…


Summary: Multifactor authentication (MFA) is playing a significant role in determining the success of attackers in penetrating network defenses, with MFA appearing in almost half of all security incidents encountered by Cisco Talos incident response teams in the first quarter of the year.

Threat Actor: Attackers attempting to bypass MFA

Victim: Various organizations affected by security incidents

Key Point:

Multifactor authentication was involved in almost 50% of security incidents encountered by Cisco Talos incident response teams.…

Summary: The content discusses the prevalence of credential compromises caused by email-based social engineering attacks in organizations, with a focus on phishing and scamming as the primary methods used by threat actors.

Threat Actor: Social engineering attackers

Victim: Organizations

Key Point:

92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023.…

Summary: Threat actors are using free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.

Threat Actor: Unknown

Victim: Unsuspecting users

Key Point:

Threat actors are tricking users into downloading password-protected archive files containing trojanized copies of popular software.…

Summary: A new malware distribution campaign is using fake Google Chrome, Word, and OneDrive errors to deceive users into running malicious PowerShell “fixes” that install malware.

Threat Actor: ClearFake, ClickFix, TA571

Victim: Multiple victims targeted by the threat actors mentioned above.

Key Point:

The campaign involves the use of website overlays that prompt users to install a fake browser update, resulting in malware installation.…

Summary: A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider, which is responsible for hacking into numerous organizations including Twilio, LastPass, DoorDash, and Mailchimp.

Threat Actor: Scattered Spider

Victim: Various organizations including Twilio, LastPass, DoorDash, and Mailchimp

Key Point:

A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider.…