One Article Review

Source RiskIQ
Identifier 8462154
Publication date 2024-03-11 13:43:18 (viewed: 2024-03-11 14:08:44)
Title Weekly OSINT Highlights, 11 March 2024
Text

## Weekly OSINT Highlights, 11 March 2024

The OSINT reporting last week underscores several prevalent trends in cyber threats. Ransomware continues to be a significant threat: groups like GhostSec conduct double extortion attacks and offer RaaS programs, while malware like SocGholish exploits vulnerabilities in web platforms such as WordPress. Phishing remains a persistent tactic, exemplified by the discovery of the CryptoChameleon kit targeting cryptocurrency platforms and governmental agencies. Attackers are also targeting misconfigured servers and leveraging 1-day vulnerabilities for activities ranging from cryptocurrency mining to unauthorized data collection. These trends emphasize the evolving tactics and motivations of cyber threat actors and the need for robust cybersecurity measures and vigilance across sectors and platforms.

1. **[SocGholish Malware Targeting WordPress](https://security.microsoft.com/intel-explorer/articles/0218512b?)**: WordPress websites are targeted by SocGholish malware, which starts with a JavaScript malware framework and can lead to ransomware infections, often via compromised administrator accounts.
2. **[GhostSec Ransomware Activities Surge](https://security.microsoft.com/intel-explorer/articles/ee5a4e56?)**: GhostSec, a financially motivated hacking group, collaborates with Stormous ransomware in double extortion attacks across various business verticals and offers a ransomware-as-a-service (RaaS) program; a surge in its activity was observed recently.
3. **[CryptoChameleon Phishing Kit](https://security.microsoft.com/intel-explorer/articles/9227be0c?)**: Lookout uncovered the CryptoChameleon phishing kit, adept at stealing sensitive data from cryptocurrency platforms and the FCC using custom single sign-on (SSO) pages and SMS lures, primarily targeting victims in the United States. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims' responses, with an emphasis on mimicking authentic MFA processes.
4. **[Malware Campaign Targeting Misconfigured Servers](https://security.microsoft.com/intel-explorer/articles/68797fe5?)**: Cado Security Labs discovered a malware campaign targeting misconfigured servers, leveraging unique payloads and exploiting n-day vulnerabilities for Remote Code Execution (RCE) and cryptocurrency mining.
5. **[Earth Kapre Espionage Group](https://security.microsoft.com/intel-explorer/articles/d2d46a48?)**: Trend Micro exposed the Earth Kapre espionage group, which conducts phishing campaigns across multiple countries with malicious attachments that lead to unauthorized data collection and transmission to command-and-control (C&C) servers.
6. **[Magnet Goblin Exploiting 1-Day Vulnerabilities](https://security.microsoft.com/intel-explorer/articles/11616c16?)**: Check Point identified Magnet Goblin's financially motivated attacks, which rapidly adopt 1-day vulnerabilities, particularly against Ivanti Connect Secure VPN, with a diverse arsenal including a Linux version of NerbianRAT and JavaScript credential stealers.
## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts:

- [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware)
- [Cryptojacking: Understanding and defending against cloud compute resource abuse](https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/)

Microsoft customers can use the following reports in Mi
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat Prediction Cloud
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been taken from an earlier one.