One Article Review

Home - The article:
Source RiskIQ
Identifier 8482834
Publication date 2024-04-15 15:15:00 (viewed: 2024-04-15 16:07:46)
Title Weekly OSINT Highlights, 15 April 2024
Text

## Snapshot

Last week's OSINT reporting reveals a landscape of diverse cyber threats characterized by sophisticated attack tactics and adaptable threat actors. One key trend was the increasing use of artificial intelligence (AI) by cybercriminals, including AI-powered malvertising on social media platforms and suspected LLM-generated content in a malware campaign targeting German organizations. Additionally, several OSINT articles reported on the trend of exploiting popular platforms like YouTube and GitHub to distribute malware. Threat actors demonstrate a keen understanding of user behavior, leveraging enticing content and fake webpages to lure victims into downloading malicious payloads, highlighting the importance of proactive defense strategies to mitigate evolving threats effectively.

## Description

1. **[German Organizations Targeted with Rhadamanthys Malware](https://security.microsoft.com/intel-explorer/articles/119bde85):** Proofpoint identifies TA547 launching an email campaign targeting German organizations with Rhadamanthys malware, representing a shift in techniques for the threat actor. The campaign involves impersonating a German retail company in emails containing password-protected ZIP files containing LNK files triggering PowerShell scripts to load Rhadamanthys into memory, bypassing disk writing. The incorporation of suspected LLM-generated content into the attack chain provides insight into how threat actors are leveraging LLM-generated content in malware campaigns.
2. **[Russian-Language Cybercrime Operation Leveraging Fake Web3 Gaming Projects](https://security.microsoft.com/intel-explorer/articles/0cdc08b5):** The Insikt Group uncovers a large-scale Russian-language cybercrime operation distributing infostealer malware through fake Web3 gaming projects targeting both macOS and Windows users. Threat actors entice users with the potential for cryptocurrency earnings, distributing malware like Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro upon visiting imitation Web3 gaming projects' webpages.
3. **[AI-Powered Malvertising Campaigns on Social Media](https://security.microsoft.com/intel-explorer/articles/1e1b0868):** Bitdefender discusses the use of artificial intelligence (AI) by cybercriminals in malvertising campaigns on social media platforms, impersonating popular AI software to distribute stealers like Rilide, Vidar, IceRAT, and Nova Stealer. These campaigns target European users through fake AI software webpages on Facebook, organized by taking over existing accounts and boosting page popularity through engaging content.
4. **[Exploitation of YouTube Channels for Infostealer Distribution](https://security.microsoft.com/intel-explorer/articles/e9f5e219):** AhnLab identifies a trend where threat actors exploit YouTube channels to distribute Infostealers like Vidar and LummaC2, disguising them as cracked versions of legitimate software. Attackers hijack popular channels with hundreds of thousands of subscribers, distributing malicious links through video descriptions and comments, highlighting concerns about the potential reach and impact of distributed malware.
5. **[VenomRAT Distribution via Phishing Email with Malicious SVG Files](https://security.microsoft.com/intel-explorer/articles/98d69c76):** FortiGuard Labs reveals a threat actor distributing VenomRAT and other plugins through phishing emails containing malicious Scalable Vector Graphics (SVG) files. The email attachment downloads a ZIP file containing an obfuscated Batch file, subsequently loading VenomRAT using ScrubCrypt to maintain a connection with a command and control (C2) server and install plugins on victims' environments.
6. **[Malware Distribution through GitHub Repositories Manipulation](https://security.microsoft.com/intel-explorer/articles/4d0ffb2c):** Checkmarx reports a cybercriminal attack campaign manipulating GitHub's search functionality to distribute malware through repositories. Attackers create repositories with popular names and topics, hiding malicious code withi
Sent Yes
Tags Ransomware Spam Malware Tool Threat Prediction
Rating ★★


The article does not appear to have been republished after its publication.


The article does not appear to have been taken up from a previous one.