March 06, 2024

Selena Larson, Jake G. and Dusty Miller 

Key takeaways  TA4903 is a unique threat actor that demonstrates at least two distinct objectives: (1) credential phishing and (2) business email compromise (BEC).   TA4903 routinely conducts campaigns spoofing various U.S. government entities to steal corporate credentials. …
Read More

COMMENTARY

Although it wasn’t called biometrics at the time, a rudimentary form of the technology emerged in 1901 when Scotland Yard adopted fingerprint classification to identify criminal suspects. The biometrics field has come a long way in the more than 120 years since then.

Public and private sector organizations now use it to identify and authenticate individuals to grant access to computer systems, such as laptops and tablets, and enterprise applications such as human resources or customer relationship management systems.…

Read More

A team of researchers has developed malware designed to target modern programmable logic controllers (PLCs) in an effort to demonstrate that remote Stuxnet-style attacks can be launched against such industrial control systems (ICS).

The researchers are from the Georgia Institute of Technology and they have published a paper detailing this ICS security project.…

Read More

Mar 02, 2024NewsroomSpyware / Privacy

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor.

The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately 1,400 mobile devices between April and May.…

Read More

Overview

SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability.

Microsoft Outlook is a globally acclaimed personal information management software from Microsoft. A MonikerLink vulnerability was observed in the Microsoft Outlook email client.…

Read More
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails

By Nati Tal, Oleg Zaytsev (Guardio Labs)

Guardio Labs uncovers a sprawling campaign of subdomain hijacking, compromising already over 8,000 domains from esteemed brands and institutions, including MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay and others.…

Read More

Turla is an APT group allegedly linked to the intelligence service FSB (Federal Security Service) from the Russian Federation. This threat actor is specifically in the Center 16 unit, which carries out the collection of radio-electronic intelligence on communications facilities. Moreover, the Center 16 is in charge of intercepting, decrypting and processing the electronic message and the technical operation of compromising foreign targets.…

Read More

DarkGate is a commodity loader written in Borland Delphi that was first identified in 2018 and has been advertised under the Malware-as-a-Service (MaaS) business model on popular cybercrime forums since June 2023.

It has a wide range of capabilities, such as the ability to download and execute files in memory, environment reconnaissance and information gathering, privilege escalation, remote access software deployment, and a Hidden Virtual Network Computing (HVNC) module.…

Read More

Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress (aka Charming Kitten, APT42, TA453). Volexity assesses that CharmingCypress is tasked with collecting political intelligence against foreign targets, particularly focusing on think tanks, NGOs, and journalists.…

Read More

February 1, 2024

Stately Taurus Continued – New Information on Cyberespionage Attacks against Myanmar Military Junta

On January 23rd, CSIRT-CTI published a blogpost describing a pair of campaigns believed to be launched by Stately Taurus (alias Bronze President, Camaro Dragon, Earth Preta, Mustang Panda, Red Delta, TEMP.Hex…

Read More
Masterminds of Tech Excellence in the World of Cybercrime

Resecurity has uncovered a cybercriminal group known as “GXC Team“, which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder“, made multiple announcements on the Dark Web.…

Read More

Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks.…

Read More
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More