Source |
RiskIQ |
Identifier |
8529167 |
Publication date |
2024-07-01 10:57:31 (viewed: 2024-07-01 11:07:34) |
Title |
Weekly OSINT Highlights, 1 July 2024 |
Text |
## Snapshot
Last week's OSINT reporting reveals a landscape of diverse cyber threats characterized by sophisticated attack tactics and adaptable threat actors. Key themes include the proliferation of Remote Access Trojans (RATs) like Remcos and XWorm, as well as the deployment of ransomware in espionage campaigns by groups such as ChamelGang. Phishing, malicious documents, and social engineering remain prevalent attack vectors, often leading to the installation of malware, as seen with Fickle Stealer and StrelaStealer. Threat actors range from nation-state groups, including Chinese and Russian espionage teams targeting government and critical infrastructure, to cybercriminals employing Phishing-as-a-Service platforms like ONNX Store to target financial institutions. The targets of these attacks are diverse, encompassing telecom operators, government entities, academic institutions, and private sector organizations across various regions, highlighting the global and multifaceted nature of current cyber threats.
## Description
1. **[Chinese Espionage Group Targets Telecom Operators](https://sip.security.microsoft.com/intel-explorer/articles/e2de6dd7):** Symantec's Threat Hunter Team identified a prolonged espionage campaign by Chinese groups targeting telecom operators in an Asian country using tools like Coolclient and Rainyday. The attackers aimed to steal credentials and implant backdoors, suggesting motives ranging from intelligence gathering to infrastructure disruption.
2. **[Remcos RAT Distributed via Malicious Word Documents](https://sip.security.microsoft.com/intel-explorer/articles/f5983b2e):** Forcepoint analysts discovered the distribution of Remcos RAT through Word documents with shortened URLs, exploiting the Equation Editor vulnerability. The malware enables full system control for espionage and data theft, highlighting the importance of recognizing evolving cybercriminal tactics.
3. **[WordPress Plugins Compromised with Malicious PHP Scripts](https://sip.security.microsoft.com/intel-explorer/articles/d443398b):** Wordfence identified a threat actor tampering with five WordPress plugins to create new admin accounts and inject SEO spam. This breach affected over 35,000 websites, emphasizing the need for robust security measures and vigilant monitoring of plugin updates.
4. **[SugarGh0st Malware Campaign by SneakyChef](https://sip.security.microsoft.com/intel-explorer/articles/f1334283):** Cisco Talos uncovered "SneakyChef" using SugarGh0st malware to target government agencies in EMEA and Asia, employing decoy documents from foreign ministries. The group's infection chain involves SFX RAR files, with tactics suggesting a Chinese-speaking origin.
5. **[ChamelGang Uses Ransomware for Cyberespionage](https://sip.security.microsoft.com/intel-explorer/articles/b24f9fda):** SentinelLabs and Recorded Future reported on ChamelGang's use of CatB ransomware to target global high-profile organizations. The group, likely Chinese, uses ransomware to mislead attribution efforts and facilitate data exfiltration.
6. **[P2Pinfect Rust-based Malware Evolution](https://sip.security.microsoft.com/intel-explorer/articles/2238375c):** Cado Security highlighted the evolution of P2Pinfect, a Rust-based malware spreading via Redis with a botnet for pushing updated binaries. The malware includes a worm, miner, and ransomware payloads, demonstrating ongoing development for profit and network expansion.
7. **[UAC-0184 Targets Ukraine with XWorm RAT](https://sip.security.microsoft.com/intel-explorer/articles/1d853438):** CRIL reported on UAC-0184's malware campaign using XWorm RAT to target Ukrainian entities. The attack employs malicious LNK files and DLL sideloading to establish remote access, reflecting the group's evolving tactics.
8. **[Xctdoor Malware Targets Korean Companies](https://sip.security.microsoft.com/intel-explorer/articles/df357951):** AhnLab identified attacks on Korean companies using Xctdoor malware, initially infiltrating systems via an ERP update server. |
Notes |
★★★
|
Sent |
Yes |
Tags |
Ransomware
Spam
Malware
Tool
Vulnerability
Threat
|