One Article Review

Source: RiskIQ
Identifier: 8474062
Publication date: 2024-04-01 13:51:22 (viewed: 2024-04-01 14:08:00)
Title: Weekly OSINT Highlights, 1 April 2024
Text: Last week's OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats.

1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor.

2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries.

3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication.

4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems.

5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security.

6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware's evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa
Sent: Yes
Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile, Cloud
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.