Source: RiskIQ
Identifier: 8597846
Publication date: 2024-10-14 21:26:20 (viewed: 2024-10-14 22:18:12)
Title: Weekly OSINT Highlights, 14 October 2024
Text:
## Snapshot
Last week's OSINT reporting highlights a complex landscape of cyber threats with a focus on APT groups, sophisticated malware, and exploitation of vulnerabilities. Many attacks are espionage-focused, with China-aligned groups like CeranaKeeper, Iran's Hazel Sandstorm, and Russia's Midnight Blizzard (SVR) leveraging spearphishing and vulnerability exploitation for intelligence gathering. Ransomware also remains a dominant attack type, with threat actors leveraging double extortion tactics to maximize pressure on victims. A surge in reporting on malware distribution was also observed, including Lua-based malware in the education sector and Pronsis Loader delivering Lumma Stealer. Additionally, multiple reports detail widespread campaigns leveraging phishing, malvertising, and cryptomining, with key targets being government institutions, financial services, and critical infrastructure. Attackers employ diverse techniques such as DNS tunneling and USB-based malware, and exploit known vulnerabilities like EternalBlue (CVE-2017-0144) and FortiOS (CVE-2024-23113).
## Description
1. [CeranaKeeper Targets Thai Government](https://sip.security.microsoft.com/intel-explorer/articles/b3aa72ef): ESET uncovered a new China-aligned APT, CeranaKeeper, targeting government institutions in Thailand, using unique tools for data exfiltration via cloud services. The group adapts its malware for stealth and has been mistakenly linked to Mustang Panda due to some shared methods.
2. [Largest DDoS Attack Mitigated](https://sip.security.microsoft.com/intel-explorer/articles/74f06d55): Cloudflare mitigated the largest publicly disclosed DDoS attack, peaking at 3.8 Tbps, which targeted financial services, internet, and telecom organizations globally. Akamai also identified a critical vulnerability in CUPS servers, potentially creating a new vector for DDoS amplification.
3. [Cuckoo Spear's Sophisticated Tools](https://sip.security.microsoft.com/intel-explorer/articles/d47fc595): Cybereason exposed the Cuckoo Spear campaign by APT10, using NOOPLDR and NOOPDOOR to conduct espionage against Japanese industries and governments. These advanced tools employ anti-detection techniques and facilitate network pivoting for exfiltration.
4. [Mamba 2FA Phishing Campaign](https://sip.security.microsoft.com/intel-explorer/articles/bfcb80ed): Sekoia identified a phishing campaign using Mamba 2FA, a PhaaS platform, to steal credentials and session cookies from Microsoft services. Attackers exploited MFA weaknesses and used Telegram bots for data exfiltration.
5. [Golden Jackal's Air-Gapped System Attacks](https://sip.security.microsoft.com/intel-explorer/articles/f0234a25): ESET researchers discovered Golden Jackal targeting European government organizations with tools designed to breach air-gapped systems. The group uses USB-based malware for espionage and data exfiltration.
6. [Awaken Likho Targets Russian Agencies](https://sip.security.microsoft.com/in
Notes: ★★
Sent: Yes
Tags:
Ransomware
Malware
Tool
Vulnerability
Threat
Patching
Industrial
Medical
Cloud

Stories:
APT 29
APT 10
GoldenJackal