One Article Review

Source Anomali
Identifier 7016803
Publication date 2022-09-20 15:00:00 (viewed: 2022-09-20 15:06:54)
Title Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More
Text The threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, cyberespionage, Iran, ransomware, stealers, and supply chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potentially malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022)

On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts indicate that the attacker obtained fresh keylogger logs for two Uber employees, in Indonesia and Brazil, whose machines had been infected with the Raccoon and Vidar stealers. The attacker allegedly used the compromised VPN account credentials and performed an MFA fatigue attack: requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games' Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker.

Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack, such as a large number of MFA push requests for one account in a relatively short period of time, and in particular an approval that arrives at the end of such a burst. Review your source code and operational scripts for embedded credentials, especially those with administrative privileges.
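The two checks the Analyst Comment on the Uber story recommends, as an added example that is not part of the Anomali article: a sliding-window detector for MFA push bursts run over constructed identity-provider log lines, and a regex scan for credential-looking string literals in a constructed PowerShell fragment of the kind the story describes. The log format, field names, user names, thresholds, variable names and the secret value are all assumptions made for the example.

```python
"""Added example (not from the Anomali article): MFA fatigue burst detection
and a hardcoded-credential scan. All inputs below are constructed."""
from collections import deque
from datetime import datetime, timedelta
import re

# Constructed MFA push log: "<ISO timestamp> user=<name> event=<push_sent|push_approved|push_denied>"
SAMPLE_MFA_LOG = """\
2022-09-15T01:02:00Z user=alice event=push_sent
2022-09-15T01:02:30Z user=alice event=push_approved
2022-09-15T02:10:00Z user=bob event=push_sent
2022-09-15T02:10:20Z user=bob event=push_denied
2022-09-15T02:11:00Z user=bob event=push_sent
2022-09-15T02:11:40Z user=bob event=push_sent
2022-09-15T02:12:10Z user=bob event=push_sent
2022-09-15T02:13:00Z user=bob event=push_sent
2022-09-15T02:14:30Z user=bob event=push_sent
2022-09-15T02:17:00Z user=bob event=push_sent
2022-09-15T02:17:25Z user=bob event=push_approved
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+event=(?P<event>\S+)$")


def parse_mfa_log(text):
    """Yield (timestamp, user, event) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["event"]


def detect_mfa_fatigue(text, max_pushes=5, window=timedelta(minutes=10)):
    """Return {user: {"pushes": n, "approved_after_burst": bool}} for every user
    whose push_sent count exceeds max_pushes inside a sliding window of `window`.
    approved_after_burst is set when a push_approved event arrives while the
    account is still inside such a burst, which is the success pattern of a
    fatigue attack and should be alerted at the highest severity."""
    windows = {}  # user -> deque of push_sent timestamps still inside the window
    alerts = {}
    for ts, user, event in parse_mfa_log(text):
        q = windows.setdefault(user, deque())
        while q and ts - q[0] > window:
            q.popleft()
        if event == "push_sent":
            q.append(ts)
            if len(q) > max_pushes:
                a = alerts.setdefault(user, {"pushes": 0, "approved_after_burst": False})
                a["pushes"] = max(a["pushes"], len(q))
        elif event == "push_approved" and len(q) > max_pushes:
            # len(q) > max_pushes implies the alert was created on an earlier push.
            alerts[user]["approved_after_burst"] = True
    return alerts


# Constructed PowerShell fragment resembling the story's finding: a script that
# carries a PAM admin password as a literal. Names and secret are invented.
SAMPLE_SCRIPT = """\
$PamUrl = "https://pam.example.internal/api"
$PamUser = "svc-pam-admin"
$PamPassword = "Sup3rS3cret!2022"
$token = Get-Token -Username $PamUser -Password $PamPassword
$apiKey = Get-Content C:\\secrets\\key.txt   # read from a file, not hardcoded
"""

# A credential-looking variable name assigned a quoted string literal.
SECRET_RE = re.compile(
    r"""(?ix)
    \$?(?P<name>[a-z0-9_]*(?:password|passwd|pwd|secret|token|apikey|api_key)[a-z0-9_]*)
    \s*[=:]\s*
    (?P<quote>["'])(?P<value>[^"']{4,})(?P=quote)
    """
)


def find_hardcoded_credentials(script_text):
    """Return [(line_no, variable_name, masked_value)] for string literals assigned
    to credential-looking names. The value is masked so the finding itself does
    not copy the secret into a ticket or a log."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), start=1):
        m = SECRET_RE.search(line)
        if m:
            v = m["value"]
            findings.append((no, m["name"], v[:2] + "*" * (len(v) - 2)))
    return findings


if __name__ == "__main__":
    print(detect_mfa_fatigue(SAMPLE_MFA_LOG))
    print(find_hardcoded_credentials(SAMPLE_SCRIPT))
```

On the constructed log, `bob` receives seven pushes in under ten minutes and then approves one, so the detector reports the burst with `approved_after_burst` set; `alice`, with a single push and approval, is not reported. The credential scan flags only the line that assigns a literal to `$PamPassword`; the `$token` and `$apiKey` lines are not literals and are left alone, which keeps the check useful as a pre-commit or repository scan rather than a source of noise.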
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555

Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer

Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022)

Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. The campaign uses a malicious bundle: a single self-extracting archive. The bundle delivers RedLine together with additional malware that spreads the archive further by publishing promotional videos on the victim's YouTube channel. These videos target gamers with promises of "cheats" and "cracks."

Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It is safer to use separate machines for gaming and for banking.

MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496

Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub
Sent Yes
Tags Ransomware, Malware, Tool, Vulnerability, Threat, Guideline
Stories Uber, APT 41, APT 15


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.