Source: RiskIQ
Identifier: 8573205
Publication date: 2024-09-09 11:04:46 (viewed: 2024-09-09 11:18:08)
Title: Weekly OSINT Highlights, 9 September 2024
Text:
## Snapshot
Last week's OSINT reporting highlights a broad spectrum of cyber threats with notable trends in malware campaigns, espionage, and ransomware attacks. Phishing remains a dominant attack vector, delivering a variety of payloads like custom backdoors, infostealers, and ransomware. Nation-state actors such as Russia's APT29 (Midnight Blizzard) and China's Earth Lusca were prominent, focusing on espionage and targeting specific regions like East Asia and the Middle East. Other notable threats included the use of deepfakes for scam campaigns and the exploitation of unpatched vulnerabilities in widely used software like Microsoft Office and WPS Office. The targeting of organizations ranged from government entities to private sector businesses, with some attacks focusing on specific industries like finance, healthcare, and technology.
## Description
1. [Unique Malware Campaign 'Voldemort'](https://sip.security.microsoft.com/intel-explorer/articles/3cc65ab7): Proofpoint researchers uncovered a phishing campaign distributing custom malware via emails impersonating tax authorities across multiple countries. The malware, likely motivated by espionage, uses advanced techniques like abusing Google Sheets for command-and-control (C2) to avoid detection.
2. [Python-Based Infostealer 'Emansrepo'](https://sip.security.microsoft.com/intel-explorer/articles/94d41800): FortiGuard Labs identified Emansrepo, a Python-based infostealer targeting browser data and files via phishing emails. The malware has evolved into a sophisticated multi-stage tool, expanding its capabilities to steal sensitive data like cryptocurrency wallets.
3. [Deepfake Scams Using Public Figures](https://sip.security.microsoft.com/intel-explorer/articles/6c6367c7): Palo Alto Networks researchers discovered deepfake scams impersonating public figures to promote fake investment schemes. These scams, involving a single threat actor group, target global audiences with AI-generated videos hosted on domains with significant traffic.
4. [Zero-Day Vulnerabilities in WPS Office](https://sip.security.microsoft.com/intel-explorer/articles/f897577d): ESET researchers identified two zero-day vulnerabilities in Kingsoft WPS Office exploited by the APT-C-60 group. The vulnerabilities allowed attackers to execute arbitrary code in targeted East Asian countries, using malicious documents to deliver a custom backdoor.
5. [KTLVdoor Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/222628fc): Trend Micro uncovered KTLVdoor, a highly obfuscated backdoor developed by Earth Lusca, targeting Windows and Linux systems. The malware allows attackers to fully control infected systems and is primarily linked to Chinese-speaking actors.
6. [Fake Palo Alto GlobalProtect Tool](https://sip.security.microsoft.com/intel-explorer/articles/22951902): Trend Micro identified a campaign targeting Middle Eastern organizations with a fake version of Palo Alto GlobalProtect. The malware executes remote PowerShell commands and exfiltrates files while masquerading as a legitimate security solution.
7. [APT29 Targets Mongolian Government Websites](https://sip.security.microsoft.com/intel-explorer/articles/12b5ac31): Google TAG discovered that Russian APT29 used iOS and Chrome exploits to target Mongolian government websites. The attack, linked to commercial surveillance vendors, involved watering hole attacks to steal authentication cookies from targeted users.
8. [MacroPack-Abused Malicious Documents](https://sip.security.microsoft.com/intel-explorer/articles/cd8dec3b): Cisco Talos found malicious documents leveraging MacroPack to deliver payloads like Havoc and PhantomCore RAT. These documents used obfuscated macros and lures in multiple languages, complicating attribution to any single threat actor.
9. [Underground Ransomware by RomCom Group](https://sip.security.microsoft.com/intel-explorer/articles/e2a44c7c): FortiGuard Labs identified the Underground ransomware targeting Windows systems, deployed by the Russia-based RomCom
Notes: ★★
Sent: Yes
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Prediction, Medical, Commercial
Stories: APT 38, APT 29