Source |
RiskIQ |
Identifier |
8629143 |
Publication date |
2024-12-23 13:46:44 (viewed: 2024-12-23 14:08:28) |
Title |
Weekly OSINT Highlights, 23 December 2024 |
Text |
## Snapshot
Last week's OSINT reporting revealed a variety of cyberattack trends, with phishing, malware, and supply chain attacks remaining prominent tactics across multiple industries. Attackers frequently exploit trust within organizations and communities, as seen in campaigns targeting security professionals with trojanized tools and compromised repositories, such as the MUT-1244 attack. Additionally, phishing continues to be a primary vector for delivering malware, ranging from credential harvesters like BellaCPP and Zloader to backdoors like CLNTEND and Glutton. Attackers are increasingly refining their techniques with evasion methods, such as DNS tunneling, obfuscated payloads, and exploiting vulnerabilities in software like ERP systems and cloud services. Threat actors span various regions and sectors, with a notable focus on defense, government, financial, and technology targets in the EMEA, APAC, and LATAM regions.
## Description
1. [WikiKit Campaigns Target Industries With Phishing Kits](https://security.microsoft.com/intel-explorer/articles/81b47d0d): WikiKit targets industries such as automotive, manufacturing, and healthcare, leveraging phishing kits with corporate branding to harvest credentials. The campaign uses advanced evasion techniques like tamper-proof JavaScript and CAPTCHA checks to bypass detection and continues to evolve.
2. [BellaCPP Malware Linked to Charming Kitten](https://security.microsoft.com/intel-explorer/articles/725329cd): BellaCPP malware demonstrates sophisticated persistence techniques and SSH tunneling capabilities. Found alongside an older BellaCiao sample on an infected machine in Asia, it highlights attackers' evolving strategies to maintain network access, emphasizing the importance of thorough network investigations.
3. [Zloader Evolves With Enhanced DNS Tunneling](https://security.microsoft.com/intel-explorer/articles/9d76113f): Zloader malware now uses a custom DNS tunnel for C2 communications, advanced anti-analysis techniques, and GhostSocks payloads. Its evolving role as an initial access broker for ransomware highlights its growing sophistication and targeted infection methods.
4. [FlowerStorm Rises Amid Rockstar2FA Collapse](https://security.microsoft.com/intel-explorer/articles/ff7a63bc): After technical failures disrupted Rockstar2FA, FlowerStorm emerged with similar phishing infrastructure targeting North America and Europe. The service industry has been heavily impacted by these campaigns, which share backend similarities and operational overlap.
5. [Holiday-Themed Phishing Attacks Exploit Seasonal Urgency](https://security.microsoft.com/intel-explorer/articles/f8198f90): Threat actors exploit the holiday season with targeted lures, delivering malware like Remcos RAT and executing fraud schemes. Campaigns impersonate airlines, HR departments, and nonprofits to steal credentials, money, or sensitive information.
6. [IAM User Exploitation Targets Cloud LLM Models](https://security.microsoft.com/intel-explorer/articles/729893a5): Attackers exploited compromised IAM keys to access AWS environments and attempt unauthorized use of Bedrock LLM models. Despite privilege escalation efforts, Service Control Policies thwarted their attempts to invoke APIs for further abuse.
7. [Lumma Stealer Campaign Abuses Ad Networks](https://security.microsoft.com/intel-explorer/articles/994ccfa2): The Lumma Stealer malware campaign used Monetag ad networks to target users with malicious PowerShell commands disguised as CAPTCHA solutions. The malware harvests sensitive data and continues to resurface despite takedowns of compromised ad accounts.
8. [Evolved NodeStealer Variant Targets Facebook Ads and Financial Data](https://security.microsoft.com/intel-explorer/articles/f7587417): Trend Micro's Managed XDR team identified an evolved Python-based NodeStealer variant targeting Facebook Ads Manager accounts, credit card details, and browser-stored data. Spear-phishing emails in Bahasa Melayu, with poorly translated subject lines, were used to target an |
Notes |
★★★
|
Sent |
Yes |
Tags |
Ransomware
Malware
Tool
Vulnerability
Threat
Prediction
Medical
Cloud
Technical
|