Source |
RiskIQ |
Identifier |
8577706 |
Publication date |
2024-09-16 11:20:34 (viewed: 2024-09-16 12:18:11) |
Title |
Weekly OSINT Highlights, 16 September 2024 |
Text |
## Snapshot
Last week's OSINT reporting highlighted a broad array of cyber threats, with ransomware activity and espionage campaigns prominently featured. Russian and Chinese APT groups were particularly in the spotlight, with Aqua Blizzard targeting Ukrainian military personnel and Twill Typhoon affecting governments in Southeast Asia. RansomHub, a ransomware-as-a-service (RaaS) variant, and the newly emerged Repellent Scorpius also exploited known vulnerabilities and abused legitimate tools, employing double extortion tactics. Emerging malware, including infostealers like YASS and BLX Stealer, underscores the growing trend of targeting sensitive consumer data and cryptocurrency wallets, demonstrating the adaptability of threat actors in an evolving digital landscape.
## Description
1. [TIDRONE Targets Taiwanese Military](https://sip.security.microsoft.com/intel-explorer/articles/14a1a551): Trend Micro reports that the Chinese-speaking threat group, TIDRONE, has targeted Taiwanese military organizations, particularly drone manufacturers, since early 2024. Using advanced malware (CXCLNT and CLNTEND), the group infiltrates systems through ERP software or remote desktops, engaging in espionage.
2. [Predator Spyware Resurfaces with New Infrastructure](https://sip.security.microsoft.com/intel-explorer/articles/b0990b13): Insikt Group reports that Predator spyware, often used by government entities, has resurfaced in countries like the Democratic Republic of the Congo and Angola. With upgraded infrastructure to evade detection, Predator targets high-profile individuals such as politicians and activists through one-click and zero-click attack vectors.
3. [Ransomware Affiliates Exploit SonicWall](https://sip.security.microsoft.com/intel-explorer/articles/07f23184): Akira ransomware affiliates exploited a critical SonicWall SonicOS vulnerability (CVE-2024-40766) to gain network access. They authenticated to the targeted firewalls through locally managed firewall accounts, and the resulting breaches occurred in organizations that had multifactor authentication disabled.
4. [RansomHub Ransomware Threatens Critical Infrastructure](https://sip.security.microsoft.com/intel-explorer/articles/650541a8): RansomHub ransomware-as-a-service has attacked over 210 victims across critical infrastructure sectors since early 2024, using double extortion tactics. The group gains entry via phishing, CVE exploits, and password spraying, and exfiltrates data using tools like PuTTY and Amazon S3.
5. [YASS Infostealer Targets Sensitive Data](https://sip.security.microsoft.com/intel-explorer/articles/d056e554): Intezer discovered "Yet Another Silly Stealer" (YASS), a variant of CryptBot, deployed through a multi-stage downloader called “MustardSandwich.” YASS targets cryptocurrency wallets, browser extensions, and authentication apps, using obfuscation and encrypted communications to evade detection.
6. [WhatsUp Gold RCE Attacks](https://sip.security.microsoft.com/intel-explorer/articles/b89cbab7): Exploiting vulnerabilities in WhatsUp Gold (CVE-2024-6670, CVE-2024-6671), attackers had the NmPoller.exe process launch PowerShell scripts that installed remote access tools such as Atera Agent and Splashtop. These attacks highlight the risk of delayed patching and underscore the importance of monitoring the child processes of exposed service binaries.
7. [Repellent Scorpius Expands RaaS Operations](https://sip.security.microsoft.com/intel-explorer/articles/1f424190): Unit 42 reports on the emerging ransomware group Repellent Scorpius, known for using Cicada3301 ransomware in double extortion attacks. The group recruits affiliates via Russian cybercrime forums and uses stolen credentials to execute attacks on various sectors globally.
8. [APT34's Advanced Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/6289e51f): Check Point Research identified Iranian-linked APT34 targeting Iraqi government networks with sophisticated malware ("Veaty" and "Spearal"). Using DNS tunneling and backdoors, the group exploited email accounts for C2 communications, reflecting advanced espionage techniques.
9 |
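Two of the items above describe patterns a SOC can test for directly: item 4 lists password spraying among RansomHub's entry techniques, and item 6 describes WhatsUp Gold's NmPoller.exe launching PowerShell after exploitation. The following is an added example written for this digest, not code from Microsoft, CISA, or any vendor named above. It runs both checks over constructed Windows-style event records embedded in the script (process creations in the shape of Sysmon Event ID 1 and logon failures in the shape of Security Event ID 4625); the hostnames, addresses, account names, command lines and the WhatsUp install path are assumptions made for the sample.

```python
"""Two detections prompted by this digest, over constructed sample events:
- lineage: NmPoller.exe (or another service binary) spawning a shell, the
  post-exploitation step reported for the WhatsUp Gold CVEs (item 6);
- spray: one source failing against many accounts a few times each, the
  password-spraying entry technique listed for RansomHub (item 4)."""
import ntpath
from collections import defaultdict

# Parents that have no business launching an interpreter; extend per estate.
SENSITIVE_PARENTS = {"nmpoller.exe", "w3wp.exe", "sqlservr.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample records (assumed hosts, paths, IPs and users; not telemetry
# from the original reports). "process" mimics Sysmon Event ID 1 fields,
# "logon_fail" mimics Security Event ID 4625 fields.
EVENTS = [
    {"type": "process", "host": "wug01",
     "parent_image": r"C:\Program Files (x86)\Ipswitch\WhatsUp\NmPoller.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Windows\Temp\stage.ps1"},
    {"type": "process", "host": "wug01",
     "parent_image": r"C:\Program Files (x86)\Ipswitch\WhatsUp\NmPoller.exe",
     "image": r"C:\Program Files (x86)\Ipswitch\WhatsUp\NmPoller.exe",
     "cmdline": "NmPoller.exe"},
    {"type": "process", "host": "ws05",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]
# One failure each against 12 accounts from a single address: a spray.
EVENTS += [{"type": "logon_fail", "src_ip": "198.51.100.7", "user": f"user{i:02d}"} for i in range(12)]
# 30 failures against one service account: brute force, a different signature.
EVENTS += [{"type": "logon_fail", "src_ip": "203.0.113.9", "user": "svc_backup"} for _ in range(30)]
# Two failures from a workstation: a user mistyping a password.
EVENTS += [{"type": "logon_fail", "src_ip": "10.0.0.5", "user": "user00"} for _ in range(2)]


def lineage_alerts(events):
    """Return process creations where a sensitive parent spawned a shell/interpreter."""
    alerts = []
    for ev in events:
        if ev.get("type") != "process":
            continue
        # ntpath handles Windows paths regardless of the analysis host's OS.
        parent = ntpath.basename(ev["parent_image"]).lower()
        child = ntpath.basename(ev["image"]).lower()
        if parent in SENSITIVE_PARENTS and child in SHELLS:
            alerts.append({"host": ev["host"], "parent": parent,
                           "child": child, "cmdline": ev["cmdline"]})
    return alerts


def spray_alerts(events, min_users=10, max_per_user=3):
    """Return sources that failed against many distinct accounts, few times each.
    Per-account lockout thresholds never trip on this; the per-source view does."""
    per_source = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev.get("type") == "logon_fail":
            per_source[ev["src_ip"]][ev["user"]] += 1
    alerts = []
    for src, users in per_source.items():
        if len(users) >= min_users and max(users.values()) <= max_per_user:
            alerts.append({"src_ip": src, "distinct_users": len(users),
                           "total_failures": sum(users.values())})
    return alerts


if __name__ == "__main__":
    for a in lineage_alerts(EVENTS):
        print("LINEAGE", a)
    for a in spray_alerts(EVENTS):
        print("SPRAY", a)
```

On the sample data the lineage check fires once (NmPoller.exe launching powershell.exe on wug01) and ignores both the poller restarting itself and an analyst's interactive PowerShell under explorer.exe; the spray check fires only for 198.51.100.7, while the 30-attempt brute force against svc_backup is left to a separate per-account rule. Add a time window to `spray_alerts` before using it on real 4625 volumes, and populate `SENSITIVE_PARENTS` from the service binaries actually exposed in your estate.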
Notes |
★★
|
Sent |
Yes |
Tags |
Ransomware
Malware
Tool
Vulnerability
Threat
Patching
Prediction
Cloud
|
Stories |
APT 34
|