This article explores various cyber threats, including voice phishing by the “Crypto Chameleon” group, exploitation of vulnerabilities in Kerio Control and Ivanti Connect Secure VPN, and North Korean hackers targeting cryptocurrency wallets through fake job interviews. The rise of ransomware among state-sponsored APT groups is also highlighted, indicating a troubling trend in modern cyber threats. Affected: Apple, Google, Kerio Control, Ivanti Connect Secure, cryptocurrency platforms.
Keypoints :
- Voice phishing group “Crypto Chameleon” targets cryptocurrency investors using legitimate services.
- Scammers employ caller ID spoofing to impersonate Apple customer support.
- Phishing pages mimic Apple’s iCloud login to steal credentials.
- Kerio Control vulnerability (CVE-2024–52875) allows remote code execution through CRLF injection.
- North Korean hackers use fake job interviews to lure victims and steal cryptocurrency.
- Ransomware deployment by state-sponsored APT groups is increasing, posing global threats.
MITRE Techniques :
- Caller ID Spoofing: Scammers spoof legitimate phone numbers to gain trust.
- Phishing: Attackers send links to phishing pages to capture credentials.
- CRLF Injection (T1503.001): Injecting CRLF sequences to manipulate server responses.
- HTTP Response Splitting (T1503.002): Splitting HTTP responses to insert malicious content.
- Reflected Cross-Site Scripting (T1203.001): Injecting JavaScript into responses to execute code in victims’ browsers.
- Exploitation of Zero-day Vulnerability: Exploiting CVE-2025–0282 for unauthorized access.
- Social Engineering: Using fake job interviews to trick victims into downloading malware.
Indicator of Compromise :
- [domain] verify-trezor[.]io
- [domain] 17505-apple[.]com
- [domain] commandandcontrolserver[.]com
- [domain] thebackendserver[.]com
- [domain] lookoutsucks[.]com
- Check the article for all found IoCs.
Full Research: https://medium.com/@lovable_chestnut_chinchilla_54/the-feed-2025-01-09-2157f5c3c871?source=rss——cybersecurity-5