Published On: 2024-06-03

Executive Summary

At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…


Summary: OpenAI has reported that threat actors linked to the governments of Russia, China, and Iran have used its tools for influence operations, generating various types of content including articles, social media posts, and fake comments.

Threat Actor: Governments of Russia, China, and Iran

Victim: OpenAI

Key Point:

Threat actors from Russia, China, and Iran have utilized OpenAI’s tools for conducting influence operations.…

Summary: This article discusses the cyberattack on Aliquippa Water Plant and highlights the vulnerabilities in operational technology (OT) systems, emphasizing the importance of critical infrastructure security.

Threat Actor: Unknown

Victim: Aliquippa Water Plant

Key Point:

The war between Israel and Hamas resulted in an increase in cyberattacks targeting operational technology, prompting Microsoft to issue a warning to critical infrastructure operators about the risks of internet-exposed OT systems.…

Executive Summary

Lumen Technologies’ Black Lotus Labs identified a destructive event in which over 600,000 small office/home office (SOHO) routers belonging to a single internet service provider (ISP) were taken offline. The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement.…


Summary: The content discusses the rise of identity-related incidents in businesses and highlights recent incidents involving social engineering, credential stuffing, and lack of multi-factor authentication.

Threat Actor: N/A

Victim: Clorox, MGM, Caesars, 23andMe, UnitedHealth

Key Point:

Identity-related incidents are on the rise due to identity sprawl and system complexity.…

Summary: The National Institute of Standards and Technology (NIST) has awarded a contract to an outside vendor to help process software and hardware bugs added to the National Vulnerability Database (NVD), addressing concerns about the backlog of unanalyzed vulnerabilities since February.

Threat Actor: N/A

Victim: N/A

Key Point:

NIST has awarded a contract to an outside vendor to assist in processing software and hardware bugs added to the NVD, addressing concerns about the backlog of unanalyzed vulnerabilities.…

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet has been observed setting up fake companies and job opportunities to engage with potential targets, employing trojanized versions of legitimate tools, creating a fully functional malicious game, and delivering a new custom ransomware.…


Identifier: TRR240501.

Summary

Earlier in May, our security product spotted a malicious payload, which was tentatively delivered to a computer in Brazil, via an intricate infection chain involving Python scripts and a Delphi-developed loader.

The final malicious payload, which we named “AllaSenha”, is specifically aimed at stealing credentials that are required to access Brazilian bank accounts, leverages Azure cloud as command and control (C2) infrastructure, and is another custom variant of “AllaKore”, an infamous open-source RAT that is frequently leveraged to target users in Latin America.…


Summary: This article discusses the emergence of a new Internet hosting firm called Stark Industries Solutions, which is being used as a global proxy network for cyberattacks and disinformation campaigns against enemies of Russia.

Threat Actor: NoName057(16)

Victim: Government and commercial targets in Ukraine and Europe

Key Point:

A large Internet hosting firm called Stark Industries Solutions has emerged as a global proxy network used for cyberattacks and disinformation campaigns.…

Summary: Bolster, an AI startup, has raised $14 million in funding to expand its work in tackling malicious emails containing deceptive links through its phish-checking portal called CheckPhish and its services for brands and businesses.

Threat Actor: Cybercriminals

Victim: Brands and businesses

Key Point:

Bolster has developed a novel approach to tackling malicious emails that contain deceptive links.…

Summary: Hacktivist group Ikaruz Red Team is using leaked ransomware builders to target critical infrastructure in the Philippines, as part of a growing trend among politically motivated groups aiming to disrupt the country’s operations.

Threat Actor: Ikaruz Red Team

Victim: Philippines government targets

Key Point:

Hacktivist group Ikaruz Red Team is using leaked ransomware builders, such as LockBit, Vice Society, Clop, and AlphV, to conduct “small-scale” attacks on critical infrastructure in the Philippines.…

Overview

The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability (an SQL injection in the WordPress plugin Automatic by ValvePress), assessed its impact, and developed mitigation measures for it. Around 38k active users have installed this premium plugin. The issue allows trivial SQL injection attacks against the plugin user’s authentication process, which could allow WordPress website takeovers.…


Politically-motivated hacktivist groups are increasingly utilizing ransomware payloads both to disrupt targets and draw attention to their political causes. Notable among these hacktivist groups is Ikaruz Red Team, a threat actor that is currently leveraging leaked ransomware builders.

In attacks occurring over recent months, we have observed Ikaruz Red Team and aligned groups such as Turk Hack Team and Anka Underground (aka Anka Red Team) conduct attacks against Philippine targets and hijack branding and imagery belonging to the government’s Computer Emergency Response Program (CERT-PH).…


This report was originally published for our customers on 14 May 2024.

Executive summary

The DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the Structura National Technologies (Structura) and the Social Design Agency (SDA), which are two Russian entities. The primary goal of DoppelGänger is to diminish support for Ukraine in the wake of Russian aggression and to foster divisions within nations backing Ukraine.…