One Article Review

Home - The article:
Source RiskIQ
Identifier 8537522
Publication date 2024-07-15 11:27:07 (viewed: 2024-07-15 12:08:01)
Title Weekly OSINT Highlights, 15 July 2024
Text

## Snapshot

Last week's OSINT reporting highlights a diverse array of cyber threats, showcasing the prominence of sophisticated malware, information stealers, and ransomware attacks. Attack vectors frequently include compromised websites, phishing emails, malicious advertisements, and exploitation of known vulnerabilities, particularly in widely used software like Oracle WebLogic and Microsoft Exchange. Threat actors range from organized state-sponsored groups, such as China's APT41 (tracked by Microsoft as [Brass Typhoon](https://security.microsoft.com/intel-profiles/f0aaa62bfbaf3739bb92106688e6a00fc05eafc0d4158b0e389b4078112d37c6)) and APT40 (tracked by Microsoft as [Gingham Typhoon](https://security.microsoft.com/intel-profiles/a2fc1302354083f4e693158effdbc17987818a2433c04ba1f56f4f603268aab6)), to individual developers using platforms like GitHub to distribute malware. The targets are varied, encompassing financial institutions, cryptocurrency exchanges, government agencies, and sectors like healthcare, education, and manufacturing, with a notable focus on high-value data and critical infrastructure across multiple countries.

## Description

1. [Clickfix Infection Chain](https://security.microsoft.com/intel-explorer/articles/85fea057): McAfee Labs discovered the "Clickfix" malware delivery method, which uses compromised websites and phishing emails to trick users into executing PowerShell scripts. This method is being used to deliver [Lumma Stealer](https://security.microsoft.com/intel-profiles/33933578825488511c30b0728dd3c4f8b5ca20e41c285a56f796eb39f57531ad) and [DarkGate](https://security.microsoft.com/intel-profiles/52fa311203e55e65b161aa012eba65621f91be7c43bacaaad126192697e6b648) malware across multiple countries, including the US, Canada, and China.
2. [CRYSTALRAY Expands Targeting](https://security.microsoft.com/intel-explorer/articles/ecea26df): Sysdig researchers identified the threat actor CRYSTALRAY, who has scaled operations to over 1,500 victims using SSH-Snake and various vulnerabilities for lateral movement and data exfiltration. Targets include systems vulnerable to CVE-2022-44877, CVE-2021-3129, and CVE-2019-18394.
3. [DodgeBox Loader by APT41](https://security.microsoft.com/intel-explorer/articles/3524d2ae): Zscaler ThreatLabz reported on DodgeBox, a reflective DLL loader used by the Chinese APT41 group, also known as Brass Typhoon. The loader delivers the MoonWalk backdoor and employs sophisticated techniques like call stack spoofing to avoid detection.
4. [ViperSoftX Information Stealer](https://security.microsoft.com/intel-explorer/articles/8084ff7b): Trellix researchers highlighted ViperSoftX, an information stealer spread through cracked software and malicious eBooks. The malware uses PowerShell and AutoIt for data exfiltration and evasion, targeting cryptocurrency wallets and other sensitive information.
5. [Coyote Banking Trojan](https://security.microsoft.com/intel-explorer/articles/201d7c4d): BlackBerry detailed Coyote, a .NET banking trojan targeting Brazilian financial institutions. Likely delivered via phishing, it performs various malicious functions like screen capture and keylogging, communicating with C2 servers upon detecting target domains.
6. [Kematian-Stealer on GitHub](https://security.microsoft.com/intel-explorer/articles/4e00b1b4): CYFIRMA identified Kematian-Stealer, an open-source information stealer hosted on GitHub. It targets applications like messaging apps and cryptocurrency wallets, employing in-memory execution and anti-debugging measures to evade detection.
7. [Eldorado Ransomware-as-a-Service](https://security.microsoft.com/intel-explorer/articles/3603cd85): Group-IB reported on Eldorado, a RaaS targeting various industries and countries, primarily the US. Written in Golang, it uses ChaCha20 and RSA-OAEP encryption and has customizable features for targeted attacks.
8. [DoNex Ransomware Flaw](https://security.microsoft.com
Notes ★★
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat Legislation Prediction Medical
Stories APT 41 APT 40


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.