One Article Review

Source RiskIQ
Identifier 8519757
Publication date 2024-06-17 11:42:19 (viewed: 2024-06-17 12:10:44)
Title Weekly OSINT Highlights, 17 June 2024
Text

## Snapshot

Last week's OSINT reporting reveals a landscape of cyber threats involving diverse and sophisticated attack strategies by state-sponsored actors and cybercrime organizations. The reports showcase various attack vectors, including phishing campaigns, exploitation of cloud services, and use of malware such as RATs, ransomware, and infostealers. Key threat actors like UNC5537, Kimsuky, and Cosmic Leopard are targeting sectors ranging from cloud computing and aviation to military and government entities, often leveraging stolen credentials and exploiting software vulnerabilities. These incidents underscore the critical need for robust security practices, such as multi-factor authentication and regular credential rotation, to defend against increasingly complex and targeted cyber threats.

## Description

1. **[Warmcookie Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/d5d815ce)**: Elastic Security Labs identified Warmcookie, Windows malware distributed through fake job-offer phishing campaigns. The malware establishes C2 communication to gather victim information, execute commands, and drop files; the campaign is ongoing and targets users globally.
2. **[Snowflake Data Theft](https://sip.security.microsoft.com/intel-explorer/articles/3cb4b4ee)**: Mandiant uncovered UNC5537 targeting Snowflake customers to steal data and extort victims, using credentials stolen by infostealer malware. The campaign highlights poor credential management and the absence of MFA, and prompted Snowflake to issue security guidance.
3. **[IcedID, Cobalt Strike, and ALPHV Ransomware](https://sip.security.microsoft.com/intel-explorer/articles/b74a41ff)**: The DFIR Report analyzed an intrusion that deployed IcedID via malicious emails, followed by Cobalt Strike for remote control and ALPHV ransomware for encryption. The attackers used various tools for persistence, reconnaissance, and data exfiltration, illustrating a complex multi-stage attack.
4. **[ValleyRAT Multi-Stage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/c599ee92)**: Zscaler ThreatLabz identified a campaign by China-based threat actors deploying an updated ValleyRAT, using phishing emails and HTTP File Server for malware delivery. The RAT includes advanced evasion techniques and enhanced data-collection capabilities.
5. **[APT Attacks Using Cloud Services](https://sip.security.microsoft.com/intel-explorer/articles/bebf8696)**: AhnLab Security Intelligence Center reported APT attacks leveraging Google Drive, OneDrive, and Dropbox to distribute malware. The attackers use malicious scripts and RAT strains to collect user information and perform other malicious activities.
6. **[CoinMiner vs. Ransomware Conflict](https://sip.security.microsoft.com/intel-explorer/articles/58dd52ff)**: ASEC described an incident in which a CoinMiner attacker's proxy server was compromised by a ransomware actor through an RDP scanning attack. The CoinMiner botnet, which had spread through MS-SQL server vulnerabilities, was disrupted by the ransomware attack, illustrating conflict between threat actors.
7. **[Sticky Werewolf Campaign](https://sip.security.microsoft.com/intel-explorer/articles/e3b51ad8)**: Morphisec Labs discovered Sticky Werewolf targeting the aviation industry with phishing campaigns using LNK files. The group, which has suspected geopolitical ties, employs the CypherIT loader/crypter for payload delivery and anti-analysis measures.
8. **[Kimsuky's Espionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/ab73cf6f)**: BlackBerry identified North Korea's Kimsuky group targeting a Western European weapons manufacturer with spear-phishing emails containing malicious JavaScript. The campaign underscores the growing threat of cyber espionage in the military sector.
9. **[Operation Celestial Force](https://sip.security.microsoft.com/intel-explorer/articles/0dccc722)**: Cisco Talos reported Cosmic Leopard's espionage campaign using GravityRAT and HeavyLift, targeting Indian defense and government sectors. The campaign em
Notes ★★
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat Mobile Cloud


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.