Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Tag: SOCIAL ENGINEERING
Summary: The content discusses the need for the FBI to adapt and evolve in order to combat the hacking collective known as Scattered Spider, which has targeted major companies in the U.S.
Threat Actor: Scattered Spider
Victim: Major companies in the U.S.…
Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.
Threat Actor: N/A
Victim: N/A
Key Point:
The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…
As many people know, popular websites often display a dialog window when you first visit them. This could be a paywall to read an article, a notice about cookies, or maybe a friendly message asking you to disable your ad blocker.
In technical terms, a web page element that displays in front of and deactivates the rest of a page is called a modal.…
Executive Summary
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Summary: North Korean threat actors are using weak email policies to impersonate legitimate domains and conduct espionage phishing campaigns, targeting policy analysts and experts in East Asian affairs.
Threat Actor: North Korean threat actors | Kimsuky
Victim: Policy analysts and experts in East Asian affairs | North Korean policy circles
Key Point:
North Korean threat actors, specifically the Kimsuky group, are exploiting poorly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to pose as legitimate journalists, academics, or experts in East Asian affairs.…
Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing harder to detect and able to deceive even the most aware users.
Threat Actor: Cybercriminals
Victim: Individuals and organizations
Key Point:
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…
Published On: 2024-05-03
EXECUTIVE SUMMARY
The team at CYFIRMA recently intercepted Android malware suspected to have been delivered by a Pakistan-based APT group targeting Indian defense personnel. Surprisingly, the campaign has been active for over a year. The unidentified threat actor possibly utilized SpyNote, or its modified version known as Craxs Rat, obfuscating the app with a high level of complexity that makes it difficult to analyze.…
Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery
APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.…
Summary: The UK’s National Cyber Security Centre (NCSC) has launched a new initiative called Advanced Mobile Solutions (AMS) to enhance cyber-resilience for organizations targeted by nation-state threats on their mobile infrastructure.
Threat Actor: Nation-state threat actors
Victim: High-threat organizations
Key Point:
The NCSC’s Advanced Mobile Solutions (AMS) risk model aims to protect against the targeting of consumer-grade devices by commercial spyware, which can serve as a gateway for sophisticated threat actors to access corporate systems and data.…
Summary: The content discusses the increase in the exploitation of vulnerabilities as an initial access step for a breach, highlighting the significant growth between 2022 and 2023.
Threat Actor: Cybercriminals
Victim: Organizations
Key Point:
The exploitation of vulnerabilities as an initial access step for a breach increased by 180% between 2022 and 2023, accounting for 14% of the ways malicious actors got into a network.…
Summary: A hacking group linked to Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, targeting organizations such as The Washington Post and prominent think tanks.
Threat Actor: APT42
Victim: Various news organizations and think tanks, including The Washington Post, The Economist, and the Aspen Institute.…
Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…
Summary: The content discusses a recently patched vulnerability in the open source R programming language that could allow arbitrary code execution.
Threat Actor: N/A
Victim: N/A
Key Point:
The vulnerability, known as CVE-2024-27322, can be exploited by loading a malicious RDS file or integrating a poisoned R package into an R-based project.…
Summary: A social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages disguised as job interviews to trick them into downloading a Python backdoor. The campaign is linked to North Korean threat actors.
Threat Actor: North Korean threat actors
Victim: Software developers
Key Point:
An ongoing social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages under the guise of a job interview.…
Key Points
Escalated tensions between Iran and Israel could give rise to cyber threats.
Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in Iran, and Predatory Sparrow in Israel.
Iranian-affiliated APTs utilize a wide array of TTPs, including spearphishing and drive-by compromise, to significantly expand the attack surface for companies with ties to Israel or Israeli vendors.…
Published On: 2024-04-26
EXECUTIVE SUMMARY:
At Cyfirma, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Fletchen stealer, an information stealing malware crafted with advanced functionalities and anti-analysis defense.…