One Article Review

Home - The article:
Source RiskIQ
Identifier 8478203
Publication date 2024-04-08 15:09:15 (viewed: 2024-04-08 16:11:04)
Title Weekly Highlights, 8 April 2024
Weekly OSINT Highlights, 8 April 2024
Text Last week's OSINT reporting reveals several key trends emerging in the realm of cybersecurity threats. Firstly, there is a notable diversification and sophistication in the attack techniques employed by threat actors, ranging from traditional malware distribution through phishing emails to advanced methods like DLL hijacking and API unhooking for evading detection. Secondly, the threat landscape is characterized by the presence of various actors, including state-sponsored groups like Earth Freybug (a subset of APT41) engaging in cyberespionage and financially motivated attacks, as well as cybercrime actors orchestrating malware campaigns such as Agent Tesla and Rhadamanthys. Thirdly, the targets of these attacks span different sectors and regions, with organizations in America, Australia, and European countries facing significant threats. Additionally, the emergence of cross-platform malware like DinodasRAT highlights the adaptability of threat actors in targeting diverse systems, emphasizing the need for robust cybersecurity measures across all platforms. Overall, these trends underscore the dynamic and evolving nature of cyber threats, necessitating continuous vigilance and proactive defense strategies from organizations and cybersecurity professionals.

**1. [Latrodectus Loader Malware Overview](https://sip.security.microsoft.com/intel-explorer/articles/b4fe59bf)** Latrodectus is a new downloader malware, distinct from IcedID, designed to download payloads and execute arbitrary commands. It shares characteristics with IcedID, indicating possible common developers.

**2. [Earth Freybug Cyberespionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/327771c8)** Earth Freybug, a subset of APT41, has engaged in cyberespionage and financially motivated attacks since at least 2012. The attack involved sophisticated techniques like DLL hijacking and API unhooking to deploy UNAPIMON, evading detection and enabling the execution of malicious commands.

**3. [Agent Tesla Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/cbdfe243)** Agent Tesla malware targets American and Australian organizations through phishing campaigns aimed at stealing email credentials. Check Point Research identified two connected cybercrime actors behind the operation.

**4. [DinodasRAT Linux Version Analysis](https://sip.security.microsoft.com/intel-explorer/articles/57ab8662)** DinodasRAT, associated with the Chinese threat actor LuoYu, is a cross-platform backdoor primarily targeting Linux servers. The latest version introduces advanced evasion capabilities and is installed to gain additional footholds in networks.

**5. [Rhadamanthys Information Stealer Malware](https://sip.security.microsoft.com/intel-explorer/articles/bf8b5bc1)** Rhadamanthys utilizes Google Ads tracking to distribute itself, disguising itself as popular software installers. After installation, it injects into legitimate Windows files for data theft, exploiting users through deceptive ad redirects.

**6. [Sophisticated Phishing Email Malware](https://sip.security.microsoft.com/intel-explorer/articles/abfabfa1)** A phishing email campaign employs ZIP file attachments leading to a series of malicious file downloads, culminating in the deployment of PowerShell scripts to gather system information and download further malware.

**7. [AceCryptor Cryptors-as-a-Service (CaaS)](https://sip.security.microsoft.com/intel-explorer/articles/e3595388)** AceCryptor is a prevalent cryptor-as-a-service utilized in Rescoms campaigns, particularly in European countries. Threat actors behind these campaigns abuse compromised accounts to send spam emails, aiming to obtain credentials for further attacks.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).
Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to ge
Sent Yes
Tags Ransomware Spam Malware Tool Threat Cloud
Stories APT 41
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.