This weekly threat intelligence digest from RST Cloud summarizes 49 threat intelligence reports, highlighting cyber threats and the tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” a phishing kit targeting Microsoft 365 accounts, and “Contagious Interview,” a social engineering campaign attributed to the Lazarus APT group. The digest also covers the MintsLoader campaign targeting the Electricity and Oil & Gas sectors, and ongoing cyber espionage by UAC-0063, linked to Russian interests, in Central Asia.
Affected: Microsoft 365, Electricity sector, Oil & Gas sector, Central Asia, Kazakhstan, various organizations
Key points:
- Identification of the “Sneaky 2FA” phishing kit targeting Microsoft 365 accounts.
- Details on the Lazarus APT’s “Contagious Interview” campaign targeting job seekers.
- Discovery of MintsLoader malware targeting organizations in the Electricity and Oil & Gas sectors.
- Cyber espionage campaign by UAC-0063 linked to Russian interests in Central Asia.
- Analysis of the AIRASHI botnet targeting gamers and exploiting vulnerabilities.
- Rebranding of the BlackSuit ransomware group and its operational changes.
- Pro-Ukrainian cyber espionage efforts by the Sticky Werewolf group.
- Insights into the Gootloader malware’s SEO-driven infection tactics.
MITRE ATT&CK Techniques:
- Phishing (T1566): Used in the “Sneaky 2FA” and “Contagious Interview” campaigns to deceive users.
- OS Credential Dumping (T1003): Used by MintsLoader to extract sensitive information from compromised systems.
- Exploitation for Client Execution (T1203): Exploited in the AIRASHI botnet and Gootloader campaigns.
- Application Layer Protocol (T1071): Command-and-control channel employed by various groups to maintain access to and control over compromised systems.
- Data Encrypted for Impact (T1486): Used by BlackSuit ransomware to encrypt victim data.
Indicators of Compromise:
- [IP Address] 185[.]125[.]100[.]81
- [IP Address] 23[.]254[.]244[.]74
- [Domain] sneakylog[.]store
- [Domain] willointerview[.]com
- [URL] http://mubuzb3vvv[.]top/1[.]php?s=527
- Check the article for all found IoCs.
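The indicators above are published defanged (`[.]` in place of `.`), so they cannot be matched against telemetry as written. The following is an added example, not code from the RST Cloud report, that parses the five `[Type] value` lines exactly as the digest lists them, refangs them, derives the host from the URL indicator as its own domain indicator, and sweeps constructed sample proxy/DNS/netflow log lines for hits. The log lines are constructed for the demonstration and are not from the report; the matching rules (exact dotted quad for IPs, domain-or-subdomain for domains, literal match for URLs) are this example's own choices.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The five indicators exactly as the digest lists them (defanged).
DEFANGED_IOCS = [
    "[IP Address] 185[.]125[.]100[.]81",
    "[IP Address] 23[.]254[.]244[.]74",
    "[Domain] sneakylog[.]store",
    "[Domain] willointerview[.]com",
    "[URL] http://mubuzb3vvv[.]top/1[.]php?s=527",
]

# Constructed sample log lines for the demonstration (not from the report).
SAMPLE_LOGS = [
    "2025-01-20T09:12:01Z dns query=login.microsoftonline.com client=10.1.2.3",
    "2025-01-20T09:12:44Z dns query=sneakylog.store client=10.1.2.3",
    "2025-01-20T09:13:02Z proxy GET http://mubuzb3vvv.top/1.php?s=527 client=10.1.2.9",
    "2025-01-20T09:14:10Z netflow dst=23.254.244.74 dport=443 client=10.1.2.7",
    "2025-01-20T09:15:00Z proxy GET https://example.org/ client=10.1.2.3",
]


@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip", "domain" or "url"
    value: str  # refanged; ip/domain lower-cased, url kept as-is


KIND_MAP = {"ip address": "ip", "domain": "domain", "url": "url"}
LINE_RE = re.compile(r"^\[(?P<kind>[^\]]+)\]\s+(?P<value>\S+)$")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def refang(value):
    """Undo common defanging so the value can be matched against real telemetry."""
    value = value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def parse_iocs(lines):
    """Parse '[Type] value' lines into Indicators; unknown types are skipped.
    A URL indicator additionally yields its host as a domain (or ip) indicator."""
    found = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind = KIND_MAP.get(m.group("kind").lower())
        if kind is None:
            continue
        value = refang(m.group("value"))
        if kind != "url":
            value = value.lower()
        found.append(Indicator(kind, value))
        if kind == "url":
            host = urlparse(value).hostname
            if host:
                host_kind = "ip" if IPV4_RE.fullmatch(host) else "domain"
                found.append(Indicator(host_kind, host.lower()))
    return list(dict.fromkeys(found))  # de-duplicate, keep order


def _pattern(ioc):
    """Compile a regex for one indicator with boundaries that avoid partial hits."""
    v = re.escape(ioc.value)
    if ioc.kind == "ip":
        # exact dotted quad: 23.254.244.7 must not match 23.254.244.74
        return re.compile(rf"(?<![\d.]){v}(?![\d.])")
    if ioc.kind == "domain":
        # the domain or any subdomain of it, but not an unrelated longer name
        return re.compile(rf"(?<![\w-])(?:[\w-]+\.)*{v}(?!\.?[\w-])", re.IGNORECASE)
    return re.compile(v)  # URL: literal, case-sensitive path and query


def match_logs(iocs, logs):
    """Return (log_index, kind, value) for every indicator seen in every log line."""
    compiled = [(ioc, _pattern(ioc)) for ioc in iocs]
    hits = []
    for i, line in enumerate(logs):
        for ioc, pat in compiled:
            if pat.search(line):
                hits.append((i, ioc.kind, ioc.value))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(DEFANGED_IOCS)
    for idx, kind, value in match_logs(iocs, SAMPLE_LOGS):
        print(f"HIT line {idx}: {kind} {value}")
```

Deriving the URL's host as a separate domain indicator matters in practice: DNS and netflow telemetry never carry the full URL, so without it the `mubuzb3vvv.top` resolution would go unnoticed. The boundary checks keep the sweep from producing false positives on longer, unrelated names that merely contain an indicator as a substring.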
Full Story: https://medium.com/@rst_cloud/rst-ti-report-digest-20-jan-2025-32faa48b8636?source=rss——cybersecurity-5