One Article Review

Source: RiskIQ
Identifier: 8593765
Publication date: 2024-10-07 16:54:11 (viewed: 2024-10-07 17:18:09)
Title: Weekly OSINT Highlights, 7 October 2024
Text:

## Snapshot

Last week's OSINT reporting highlights diverse and sophisticated attack tactics, primarily involving nation-state actors, cybercriminal groups, and advanced malware campaigns. Common attack vectors include spear-phishing, exploitation of vulnerabilities (such as CVEs in Linux servers and AI infrastructure), and fileless malware delivery. The malware ranges from Joker's subscription fraud (targeting mobile devices) to more complex backdoors like WarmCookie, which profiles the compromised system and stages further malware deployment. North Korean APT groups (APT37 and Stonefly) remain active, targeting Southeast Asian and United States companies, while Iranian actors focus on political campaigns. Financially motivated attacks are also prominent, with ransomware groups like Meow and attackers using MedusaLocker deploying advanced techniques for exfiltration and encryption. Cloud environments and AI infrastructure, including generative AI services such as AWS Bedrock, have emerged as critical targets, exposing new avenues for resource hijacking and illicit services.

## Description

1. [Golden Chickens' More_Eggs](https://sip.security.microsoft.com/intel-explorer/articles/4cb94d70): Trend Micro discovered the more_eggs backdoor being used in spear-phishing attacks targeting various industries. Recent campaigns involved advanced social engineering; while attribution remains unclear, there are possible ties to FIN6 (Storm-0538).
2. [Linux Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/68e49ad7): Elastic Security Labs uncovered a Linux malware campaign using KAIJI for DDoS attacks and RUDEDEVIL for cryptocurrency mining. The attackers exploited Apache2 vulnerabilities and used Telegram bots for command-and-control communication and persistence.
3. [Rhadamanthys Malware Updates](https://sip.security.microsoft.com/intel-explorer/articles/c9ea8588): Recorded Future reported on the evolving Rhadamanthys information stealer, which now incorporates AI-driven OCR for cryptocurrency theft. It targets systems in North and South America, leveraging encryption and advanced defense-evasion techniques.
4. [NVIDIA Container Toolkit Vulnerability](https://sip.security.microsoft.com/intel-explorer/articles/a35e980e): Wiz Research discovered a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit that exposes cloud and AI environments to container escape. The flaw could give an attacker control over the host system and enable data exfiltration, which matters most on shared GPU infrastructure where one tenant's container sits beside others' data and secrets.
5. [K4Spreader and PwnRig Campaign](https://sip.security.microsoft.com/intel-explorer/articles/416b07c0): Sekoia TDR linked a campaign exploiting WebLogic vulnerabilities to the 8220 Gang, which deploys the K4Spreader malware and the PwnRig cryptominer. The attackers primarily target cloud environments for Monero mining, compromising both Linux and Windows systems.
6. [Nitrogen Malware Incident](https://sip.security.microsoft.com/intel-explorer/articles/d0473059): The DFIR Report analyzed an intrusion in which Nitrogen malware was delivered through a trojanized Advanced IP Scanner installer. The threat actor used Sliver and Cobalt Strike beacons and eventually deployed BlackCat ransomware across the victim's network.
7. [Gorilla Botnet's DDoS Attacks](https://sip.security.microsoft.com/intel-explorer/articles/0bcef023): NSFOCUS identified the Gorilla Botnet, a Mirai variant that launched over 300,000 DDoS attacks. Its primary targets were in the U.S., China, and other countries worldwide, including government and telecom sectors, and it uses encryption to evade detection.
8. [Iranian IRGC Cyber Activity](https://sip.security.microsoft.com/intel-explorer/articles/42850d7b): The FBI and the UK's NCSC warned about Iranian IRGC-affiliated actors targeting individuals involved in Middle Eastern affairs. Using social engineering, they focused on stealing credentials and influencing U.S. political campaigns.
9. [Critical Infrastructure Reconnaissance](https://sip.security.microsoft.com/intel-explorer/articles/d491ff08): Dragos detected a campaign targeting North Ame
Rating: ★★
Sent: Yes
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Prediction, Cloud
Stories: APT 37, APT 45


The article does not appear to have been picked up after its publication.


The article does not appear to repeat a previous one.