Source |
RiskIQ |
Identifier |
8622260 |
Publication date |
2024-12-09 12:22:03 (viewed: 2024-12-09 13:08:45) |
Title |
Weekly OSINT Highlights, 9 December 2024 |
Text |
## Snapshot
Last week's OSINT reporting highlights a diverse range of cyber threats spanning ransomware, espionage, supply chain attacks, and disinformation campaigns. Espionage activity remains prominent, with Chinese and Russian actors targeting organizations for geopolitical and industrial intelligence. Key trends include the exploitation of vulnerabilities in widely used software, such as Apache ActiveMQ (CVE-2023-46604) and Docker APIs, and advanced malware like SmokeLoader and MOONSHINE to target industries ranging from manufacturing to financial services. Ransomware groups, including Howling Scorpius and Venom Spider, leverage sophisticated techniques like double extortion and hybrid encryption, focusing on SMBs and enterprises. Targets span global industries, including sensitive infrastructure, while attack vectors predominantly involve phishing, misconfigured systems, and supply chain manipulation, underscoring the adaptability and persistence of modern threat actors.
## Description
1. [Manufacturing Sector Cyberattack](https://sip.security.microsoft.com/intel-explorer/articles/d976ecc3): Cyble Research and Intelligence Labs uncovered a campaign targeting the manufacturing sector with malicious LNK files masquerading as PDFs. The attack employs LOLBins, DLL sideloading, and advanced obfuscation techniques, using tools like Lumma stealer and Amadey bot to exfiltrate data and establish persistence.
1. [Phishing Malware Impersonating the National Tax Service (NTS)](https://sip.security.microsoft.com/intel-explorer/articles/6542e5a4): AhnLab has observed a significant increase in phishing emails impersonating the National Tax Service (NTS), particularly during tax filing periods. These phishing attempts involve emails with manipulated sender addresses to appear as if they are from the NTS, and they contain malicious attachments in various formats or hyperlinks leading to malware-hosting websites and the ultimate deployment of XWorm malware.
1. [Solana Web3.js library backdoored to steal secret, private keys](https://sip.security.microsoft.com/intel-explorer/articles/04dd6cf6): Socket security firm reported that versions 1.95.6 and 1.95.7 of the Solana Web3.js library contained code designed to exfiltrate private and secret keys, which could allow attackers to drain funds from wallets. The attack is believed to be the result of a social engineering/phishing attack targeting maintainers of the official Web3.js open-source library maintained by Solana.
1. [Exploitation of CVE-2023-46604 in Korea](https://sip.security.microsoft.com/intel-explorer/articles/ccb7bd15): AhnLab identified active exploitation of Apache ActiveMQ vulnerability CVE-2023-46604, enabling remote code execution on unpatched Korean systems. Threat actors, including Andariel and Mauri ransomware groups, used tools like Quasar RAT and AnyDesk to exfiltrate data and control compromised environments.
1. [China-Linked Espionage on U.S.-China Organization](https://sip.security.microsoft.com/intel-explorer/articles/9c09d15e): Symantec reported a four-month-long intrusion by suspected Chinese threat actors targeting a U.S. organization with a Chinese presence. The attackers used DLL sideloading, Impacket, and credential-dumping tactics to exfiltrate data, leveraging tools like FileZilla and PSCP for intelligence gathering.
1. [Earth Minotaur's MOONSHINE Campaign](https://sip.security.microsoft.com/intel-explorer/articles/699406a4): Trend Micro detailed Earth Minotaur's use of the MOONSHINE exploit kit to target vulnerabilities in Android apps like WeChat, delivering the DarkNimbus backdoor. The campaign, likely linked to Chinese actors, focuses on Uyghur and Tibetan communities, employing phishing and Chromium browser exploits to monitor devices.
1. [Vulnerabilities in RAG Systems](https://sip.security.microsoft.com/intel-explorer/articles/53083f3e): Trend Micro exposed critical vulnerabilities in Retrieval-Augmented Generation (RAG) systems, including vector stores and LLM hosting platforms like l |
Notes |
★★★
|
Sent |
Yes |
Tags |
Ransomware
Malware
Tool
Vulnerability
Threat
Mobile
Industrial
Prediction
|
Stories |
APT 45
|
Move |
|