One Article Review

Source: RiskIQ
Identifier: 8466085
Publication date: 2024-03-18 13:23:03 (viewed: 2024-03-18 14:10:04)
Title: Weekly OSINT Highlights, 18 March 2024
## Weekly OSINT Highlights, 18 March 2024

Last week's OSINT reporting revealed a common theme: cyberattacks targeting specific user groups are becoming more sophisticated. Take, for instance, the Notion installer malware, which dupes users by posing as a legitimate software installer, showcasing adept social engineering. Similarly, the BIPClip campaign demonstrates a highly targeted approach towards developers involved in cryptocurrency projects, with the threat actors leveraging multiple open-source packages to steal sensitive mnemonic phrases. Despite distinct attack methods, both instances underscore threat actors' adaptability in tailoring attacks to their targets. Additionally, the analysis highlights a growing trend where attackers focus on specific sectors or user demographics, indicating a shift towards more targeted and stealthy cyber threats rather than indiscriminate attacks. This trend underscores the importance of user vigilance and the necessity for industry-specific cybersecurity measures to mitigate evolving risks.

1. **[Notion Installer Malware](https://security.microsoft.com/intel-explorer/articles/f21ac4ec?):** A new MSIX malware posing as the Notion installer is distributed through a fake website resembling the official Notion homepage. The malware, signed with a valid certificate, infects Windows PCs when users attempt to install Notion, compromising their systems with malware.
2. **[BIPClip Crypto Wallet Theft Campaign](https://security.microsoft.com/intel-explorer/articles/21aa5484?):** ReversingLabs uncovered the BIPClip campaign, which utilizes seven open-source packages across 19 versions from PyPI to steal mnemonic phrases for crypto wallet recovery. The campaign targets developers involved in cryptocurrency wallet projects, particularly those implementing Bitcoin Improvement Proposal 39 (BIP39), and employs sophisticated methods to avoid detection.

The BIPClip campaign underscores how crypto assets are one of the most popular targets of cybercriminal groups and other threat actors, such as North Korean APTs.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments:

- Tool Profile: [Information stealers](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?)
- [Financially motivated threat actors misusing App Installer](https://security.microsoft.com/intel-explorer/articles/74368091?)

## Recommendations to protect against Information stealers

Microsoft recommends the following mitigations to reduce the impact of Information stealer threats.

- Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence.
- Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-sec
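As a defender-side illustration of the BIPClip item above (an added example, not code from RiskIQ, Microsoft or ReversingLabs): a small DLP-style scanner that flags runs of BIP39 wordlist words in outbound request bodies, the kind of egress a package stealing recovery phrases would produce. The scanner assumes the full 2,048-word English BIP39 list is loaded in production; the list embedded here is a constructed subset so the example runs offline, and the sample request bodies are constructed too. It also handles the edge case where a 12-word phrase sits next to another wordlist word, producing a 13-word run that is still reported, at lower confidence.

```python
"""Flag candidate BIP39 mnemonic phrases in outbound text (egress DLP check)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed subset of the English BIP39 wordlist (the real list has 2,048
# entries; load the full ordered list in production so the checksum can be
# verified as well, which this subset cannot do).
BIP39_SUBSET = frozenset("""
abandon ability able about above absent absorb abstract absurd abuse access
accident account accuse achieve acid acoustic acquire across act action
actor actress actual adapt add addict address adjust admit adult advance
""".split())

# BIP39 mnemonics have exactly one of these word counts.
MNEMONIC_LENGTHS = (12, 15, 18, 21, 24)
MIN_RUN = 12                      # shortest run worth reporting
WORD_RE = re.compile(r"[a-z]+")   # URL-encoding and JSON punctuation are skipped


@dataclass(frozen=True)
class Finding:
    phrase: str
    word_count: int
    exact_length: bool   # True when the run length is itself a valid mnemonic length


def find_mnemonic_runs(text: str, wordlist=BIP39_SUBSET) -> List[Finding]:
    """Return maximal runs of wordlist words that are at least MIN_RUN long.

    A run whose length is exactly a BIP39 length is high confidence; a longer
    run (e.g. a 12-word phrase followed by one more wordlist word) is still
    reported so an adjacent common word cannot hide the phrase.
    """
    words = WORD_RE.findall(text.lower())
    findings: List[Finding] = []
    run: List[str] = []
    for w in words + [None]:          # None is a sentinel that flushes the last run
        if w is not None and w in wordlist:
            run.append(w)
            continue
        if len(run) >= MIN_RUN:
            findings.append(Finding(" ".join(run), len(run), len(run) in MNEMONIC_LENGTHS))
        run = []
    return findings


# Constructed sample outbound request bodies, as a network sensor might log them.
SAMPLE_BODIES = [
    '{"mnemonic": "abandon ability able about above absent absorb abstract absurd abuse access accident"}',
    "POST /collect name=alice&note=about%20the%20account%20above",
    "words: abandon ability able about above absent absorb abstract absurd abuse access accident account",
]


def scan_bodies(bodies: List[str]) -> Dict[int, List[Finding]]:
    """Map body index -> findings, keeping only bodies with at least one hit."""
    results: Dict[int, List[Finding]] = {}
    for i, body in enumerate(bodies):
        hits = find_mnemonic_runs(body)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, hits in scan_bodies(SAMPLE_BODIES).items():
        for f in hits:
            level = "HIGH" if f.exact_length else "MEDIUM"
            print(f"body {idx}: {level} {f.word_count} words: {f.phrase}")
```

Body 0 is reported at high confidence (an exact 12-word run), body 1 produces no finding because its wordlist words are separated by non-list words, and body 2 is reported at medium confidence as a 13-word run.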
Sent: Yes
Tags Ransomware Spam Malware Tool Threat Prediction
The article does not appear to have been picked up after its publication.

The article does not appear to be a repeat of an earlier one.