One Article Review

Source RiskIQ
Identifier 8508725
Publication date 2024-05-28 17:37:40 (viewed: 2024-05-28 18:10:22)
Title Weekly OSINT Highlights, 28 May 2024
Text

## Snapshot

Last week's OSINT reporting reveals a diverse array of sophisticated cyber threats targeting various sectors, including financial institutions, government entities, and academic organizations. The reports highlight a variety of attack types such as banking trojans, stealers, crypto mining malware, ransomware, and remote access trojans (RATs). Attack vectors include malspam campaigns, spear-phishing emails, search engine advertisements, and trojanized software packages. Threat actors range from financially motivated groups like UAC-0006 and Ikaruz Red Team to state-sponsored entities such as the Chinese-linked "Unfading Sea Haze" and the Iranian Void Manticore. These actors employ advanced techniques like fileless malware, DLL sideloading, and custom keyloggers to achieve persistence and data exfiltration. The targets of these attacks are geographically widespread, encompassing North and South America, the South China Sea region, the Philippines, and South Korea, underscoring the global reach and impact of these threats.

## Description

1. **[Metamorfo Banking Trojan Targets North and South America](https://security.microsoft.com/intel-explorer/articles/72f52370)**: Forcepoint reports that the Metamorfo (Casbaneiro) banking trojan spreads through malspam campaigns, using HTML attachments to initiate system metadata collection and steal user data. This malware targets banking users in North and South America by employing PowerShell commands and various persistence mechanisms.
2. **[Unfading Sea Haze Targets South China Sea Military and Government Entities](https://security.microsoft.com/intel-explorer/articles/c95e7fd5)**: Bitdefender Labs identified a Chinese-linked threat actor, "Unfading Sea Haze," using spear-phishing emails and fileless malware to target military and government entities in the South China Sea region. The campaign employs tools like SerialPktdoor and Gh0stRAT to exfiltrate data and maintain persistence.
3. **[Acrid, ScarletStealer, and Sys01 Stealers](https://security.microsoft.com/intel-explorer/articles/8ca39741)**: Kaspersky describes three stealers (Acrid, ScarletStealer, and Sys01) targeting various global regions. These stealers focus on stealing browser data, cryptocurrency wallets, and credentials, posing significant financial risks by exfiltrating sensitive user information.
4. **[REF4578 Crypto Mining Campaign](https://security.microsoft.com/intel-explorer/articles/c2420a77)**: Elastic Security Labs reports on REF4578, an intrusion set leveraging vulnerable drivers to disable EDRs for deploying Monero crypto miners. The campaign's GHOSTENGINE module ensures persistence and termination of security agents, targeting systems for crypto mining.
5. **[SmokeLoader Malware Campaign in Ukraine](https://security.microsoft.com/intel-explorer/articles/7bef5f52)**: CERT-UA observed the UAC-0006 threat actor distributing SmokeLoader malware via phishing emails in Ukraine. The campaign downloads additional malware like Taleshot and RMS, targeting remote banking systems and increasing fraud schemes.
6. **[Ikaruz Red Team Targets Philippines with Modified Ransomware](https://security.microsoft.com/intel-explorer/articles/624f5ce1)**: The hacktivist group Ikaruz Red Team uses leaked LockBit 3 ransomware builders to attack Philippine organizations, aligning with other hacktivist groups like Turk Hack Team. The group engages in politically motivated data leaks and destructive actions.
7. **[Grandoreiro Banking Trojan Campaign](https://security.microsoft.com/intel-explorer/articles/bc072613)**: IBM X-Force tracks the Grandoreiro banking trojan, which operates as Malware-as-a-Service (MaaS) and targets over 1500 global banks. The malware uses advanced evasion techniques and spreads through phishing emails, aiming to commit banking fraud worldwide.
8. **[Void Manticore's Destructive Wiping Attacks](https://security.microsoft.com/intel-explorer/articles/d5d5c07f)**: Check Point Research analyzes the Iranian threat actor Void Manticore, conducting destructive wip
Notes ★★★
Sent Yes
Tags Ransomware Malware Hack Tool Threat
Stories APT 34


The article does not appear to have been picked up after its publication.


The article does not appear to be based on an earlier one.