One Article Review

Home - The article:
Source RiskIQ
Identifier 8459610
Publication date 2024-03-06 01:05:06 (viewed: 2024-03-06 02:07:45)
Title Weekly OSINT Highlights, 4 March 2024
Text

## Weekly OSINT Highlights, 4 March 2024

Ransomware loomed large in cyber security research news this week, with our curated OSINT featuring research on Abyss Locker, BlackCat, and Phobos. Phishing attacks, information stealers, and spyware are also in the mix, highlighting the notable diversity in the cyber threat landscape. The OSINT reporting this week showcases the evolving tactics of threat actors, with operators increasingly employing multifaceted strategies across different operating systems. Further, the targets of these attacks span a wide range, from civil society figures targeted by spyware in the Middle East and North Africa to state and local governments victimized by ransomware. The prevalence of attacks on sectors like healthcare underscores the significant impact on critical infrastructure and the potential for substantial financial gain through ransom payments.

1. [**Abyss Locker Ransomware Evolution and Tactics**](https://ti.defender.microsoft.com/articles/fc80abff): Abyss Locker ransomware, derived from HelloKitty, exfiltrates victim data before encryption and targets Windows systems, with a subsequent Linux variant observed. Its capabilities include deleting backups and employing different tactics for virtual machines, indicating a growing sophistication in ransomware attacks.
2. [**ALPHV Blackcat Ransomware-as-a-Service (RaaS)**](https://ti.defender.microsoft.com/articles/b85e83eb): The FBI and CISA warn of ALPHV Blackcat RaaS, which targets multiple sectors, particularly healthcare. Recent updates to ALPHV Blackcat include improved defense evasion and encryption capabilities for Windows and Linux, reflecting the increasing sophistication of ransomware operations.
3. [**Phobos RaaS Model**](https://ti.defender.microsoft.com/articles/ad1bfcb4): Phobos ransomware, operating as a RaaS model, frequently targets state and local governments. Its use of accessible open-source tools enhances its popularity among threat actors, emphasizing the ease of deployment and customization for various environments.
4. [**TimbreStealer Phishing Campaign**](https://ti.defender.microsoft.com/articles/b61544ba): Talos identifies a phishing campaign distributing TimbreStealer, an information stealer delivered under Mexican tax-related themes. The threat actor was previously associated with banking trojans, underscoring the adaptability and persistence of malicious actors.
5. [**Nood RAT Malware Features and Stealth**](https://ti.defender.microsoft.com/articles/cc509147): ASEC uncovers Nood RAT, a Linux-based variant of Gh0st RAT, equipped with encryption and disguised as legitimate software. The malware's flexibility in binary creation and process naming underscores the threat actor's intent to evade detection and carry out malicious activities with sophistication.
6. [**Predator Spyware Infrastructure and Targeting**](https://ti.defender.microsoft.com/articles/7287eb1b): The Insikt Group's discovery highlights the widespread use of Predator spyware, primarily targeting journalists, politicians, and activists in various countries. Despite its purported use for counterterrorism and law enforcement, Predator is employed by threat actors outside these contexts, posing significant privacy and safety risks.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts:

- [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware)

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following
Sent Yes
Tags Ransomware Spam Malware Tool Threat Legislation Medical
Rating ★★★★


The article does not appear to have been republished after its publication.


The article does not appear to have been republished from an earlier one.