Source |
RiskIQ |
Identifier |
8617686 |
Publication date |
2024-11-25 12:11:18 (viewed: 2024-11-25 17:08:29) |
Title |
Weekly OSINT Highlights, 25 November 2024 |
Text |
## Snapshot
Last week's OSINT reporting reveals a persistent focus on sophisticated attacks targeting diverse sectors, from critical infrastructure to financial services and national defense. Attack types ranged from ransomware and phishing to cyberespionage and supply chain attacks, often leveraging advanced malware like LODEINFO, Asyncshell, and DEEPDATA. Threat vectors predominantly exploit unpatched vulnerabilities, malvertising, supply chain attacks, and credential harvesting, with phishing and social engineering remaining prominent tactics. Notable actors include APT groups such as Gelsemium and BrazenBamboo, alongside cybercriminal collectives like Ignoble Scorpius and Water Barghest, targeting organizations across the US, Europe, and Asia. The findings underscore the growing complexity of cyber threats, emphasizing the need for proactive threat intelligence and robust cybersecurity defenses.
## Description
1. [Helldown Ransomware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/2af97093): Sekoia researchers detailed the Helldown ransomware exploiting a Zyxel firewall vulnerability (CVE-2024-42057) to infiltrate corporate networks. Primarily targeting SMBs in the US and Europe, the attackers deploy Linux and Windows ransomware variants for data extortion and VM encryption.
2. [APT-K-47 Asyncshell Malware](https://sip.security.microsoft.com/intel-explorer/articles/aac966a9): Knownsec reported APT-K-47's use of Hajj-themed lures and malicious CHM files to distribute Asyncshell malware. The campaign, targeting South Asian countries, utilizes upgraded stealth tactics and evolving C2 infrastructure for long-term espionage.
3. [Linux Backdoors by Gelsemium](https://sip.security.microsoft.com/intel-explorer/articles/fc22b3bb): ESET researchers identified WolfsBane and FireWood backdoors used by the China-linked APT group Gelsemium for cyberespionage. These tools enable stealthy, persistent access to Linux systems, targeting sensitive data and emphasizing APT trends toward exploiting Linux environments.
4. [Lottie-Player Supply Chain Attack](https://sip.security.microsoft.com/intel-explorer/articles/86e2a9b6): ReversingLabs discovered a supply chain attack on the npm package @lottiefiles/lottie-player, compromising web3 wallets through malicious code. This incident highlights vulnerabilities in open-source ecosystems and the risk of compromised developer credentials.
5. [VMware Vulnerabilities Exploited](https://sip.security.microsoft.com/intel-explorer/articles/2eda898d): CISA added two VMware vulnerabilities, CVE-2024-38812 and CVE-2024-38813, to the Known Exploited Vulnerabilities Catalog. These flaws, involving heap overflow and privilege escalation, threaten vCenter Server and Cloud Foundation environments, emphasizing the need for immediate patching.
6. [Phishing Campaign Targeting Telecom and Financial Sectors](https://sip.security.microsoft.com/intel-explorer/articles/29972b65): EclecticIQ reported a phishing campaign using Google Docs and Weebly to bypass detection, targeting telecom and financial sectors. Threat actors employed tailored lures, fake MFA prompts, and SIM-swapping tactics to steal sensitive data.
7. [Lumma Stealer Distributed via Telegram](https://sip.security.microsoft.com/intel-explorer/articles/f250caee): McAfee researchers observed Lumma Stealer disguised as cracked software and distributed through Telegram channels. The malware targets users in India, the US, and Europe, stealing cryptocurrency and personal data via sophisticated injection techniques.
8. [Rise of ClickFix Social Engineering](https://sip.security.microsoft.com/intel-explorer/articles/67d03ba9): Proofpoint researchers identified ClickFix, a social engineering tactic that tricks users into executing malicious PowerShell commands, leading to malware infections such as AsyncRAT and DarkGate. Used by groups like TA571 and ClearFake, the method targets Ukrainian entities and employs malvertising, GitHub notifications, and CAPTCHA phishing lures.
|
Notes |
★★
|
Sent |
Yes |
Digest |
|
Tags |
Ransomware
Malware
Tool
Vulnerability
Threat
Patching
Industrial
Prediction
Cloud
|
Stories |
APT 10
|
Move |
|