One Article Review

Home - The article:
Source RiskIQ
Identifier 8626055
Publication date 2024-12-16 12:50:03 (viewed: 2024-12-16 13:08:38)
Title Weekly OSINT Highlights, 16 December 2024
Text

## Snapshot

Last week's OSINT reporting highlighted a diverse range of cyber threats, emphasizing sophisticated malware, targeted attacks, and global threat actor activities. Credential theft and data exfiltration emerged as prominent attack types, as seen in campaigns like Bizfum Stealer and Meeten malware targeting cryptocurrency users. Phishing remained a key attack vector, deployed in operations like UAC-0185's MeshAgent campaign against Ukraine and APT-C-60's SpyGlace backdoor targeting Japan. Nation-state actors dominated the landscape, including North Korea's UNC4736 exploiting DeFi systems and China's espionage on critical industries, while hacktivists like Holy League targeted France amid geopolitical unrest. The attacks primarily focused on sensitive targets such as critical infrastructure, financial systems, and government entities, underscoring the rising risks to global cybersecurity.

## Description

1. [Bizfum Stealer](https://sip.security.microsoft.com/intel-explorer/articles/b522b6ae): CYFIRMA researchers discovered "Bizfum Stealer," an advanced information-stealing malware designed to exfiltrate credentials, cookies, and sensitive files from infected systems. Targeting popular browsers and leveraging platforms like GoFile and Telegram, it employs sophisticated techniques for stealth, encryption, and evasion.
1. [IOCONTROL Malware](https://sip.security.microsoft.com/intel-explorer/articles/5fa3e494): Team82 identified IOCONTROL, a modular malware linked to Iran's IRGC-CEC, targeting IoT and OT devices to disrupt fuel systems in the U.S. and Israel. The malware uses advanced techniques, including DNS-over-HTTPS and AES-256-CBC encryption, to evade detection while compromising critical infrastructure.
1. [Kimsuky's Million OK Campaign](https://sip.security.microsoft.com/intel-explorer/articles/d1e1ee65): Hunt researchers uncovered infrastructure tied to North Korea's APT group Kimsuky, which employed domains mimicking South Korea's Naver platform to steal credentials. The campaign's infrastructure used distinctive HTTP responses, shared server configurations, and phishing techniques to target South Korean users.
1. [UNC4736 Cryptocurrency Heist](https://sip.security.microsoft.com/intel-explorer/articles/3a647a38): Mandiant attributed the $50 million cryptocurrency theft from Radiant Capital to North Korea's UNC4736. The attackers used malware to compromise trusted developers, executing unauthorized transactions that exploited DeFi multi-signature processes while bypassing robust security measures.
1. [PUMAKIT Malware Report](https://sip.security.microsoft.com/intel-explorer/articles/a16902ac): Elastic Security Labs detailed PUMAKIT, a modular Linux malware employing fileless execution, kernel rootkits, and syscall hooking for stealth and persistence. Its sophisticated architecture allows it to manipulate system behaviors, evade detection, and target older kernel versions with privilege escalation capabilities.
1. [Android Banking Trojan in India](https://sip.security.microsoft.com/intel-explorer/articles/5ff566b7): McAfee researchers uncovered a trojan targeting Indian Android users, masquerading as utility apps and stealing financial data via malicious APKs distributed on platforms like WhatsApp. The malware exfiltrates data using Supabase and employs stealth tactics, compromising over 400 devices and intercepting thousands of SMS messages.
1. [DarkGate Malware via Teams Call](https://sip.security.microsoft.com/intel-explorer/articles/5cac0381): Trend Micro identified an attack leveraging Microsoft Teams to distribute DarkGate malware through social engineering and remote desktop applications. The attacker used vishing to gain trust and access, deploying malware with persistence and evasion techniques before being intercepted.
1. [Socks5Systemz Botnet Resurgence](https://sip.security.microsoft.com/intel-explorer/articles/15cfbc2f): Bitsight TRACE uncovered the long-standing Socks5Systemz botnet, which peaked at 250,000 compr
Notes ★★
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat Legislation Mobile Industrial Prediction Cloud
Stories APT C 60


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.