One Article Review

Home - The article:
Source RiskIQ
Identifier 8631656
Publication date 2024-12-30 12:02:43 (viewed: 2024-12-30 13:08:22)
Title Weekly OSINT Highlights, 30 December 2024
Text
## Snapshot
Last week's OSINT reporting highlights the persistence and evolution of cyber threats targeting a wide range of sectors, from cryptocurrency exchanges to aerospace and defense industries. The predominant attack vectors include phishing, exploitation of long-standing vulnerabilities, and the use of advanced malware like StealBit, OtterCookie, and VBCloud. Threat actors such as North Korea's Lazarus Group and TraderTraitor, as well as botnets like FICORA and CAPSAICIN, continue to refine their tactics, leveraging social engineering, compromised software repositories, and ransomware-as-a-service to achieve their objectives. These campaigns predominantly target high-value organizations and unpatched systems, emphasizing the importance of addressing known vulnerabilities and monitoring for sophisticated attack chains.
## Description
1. [StealBit Data Exfiltration Tool](https://sip.security.microsoft.com/intel-explorer/articles/68a374b4): The LockBit ransomware group employs StealBit as part of its ransomware-as-a-service program, facilitating data theft in double extortion attacks. Recent updates to the tool broaden its target base and improve efficiency, allowing faster data exfiltration and streamlined operations.
2. [FICORA and CAPSAICIN Botnets](https://sip.security.microsoft.com/intel-explorer/articles/77c183a0): FortiGuard Labs observed global activity from the FICORA and CAPSAICIN botnets, exploiting long-standing vulnerabilities in D-Link devices. These botnets target unpatched systems and use DDoS capabilities and advanced features to take control of infected devices, with activity concentrated in East Asia but extending to other regions worldwide.
3. [OtterCookie and the Contagious Interview Campaign](https://sip.security.microsoft.com/intel-explorer/articles/b5a152a8): North Korean actors deploy OtterCookie malware through fake job offers to developers, targeting cryptocurrency wallets and sensitive data. Infection methods include compromised GitHub and npm projects, with evolving variants enhancing data theft and lateral movement.
4. [TraderTraitor's $308 Million Cryptocurrency Heist](https://sip.security.microsoft.com/intel-explorer/articles/9cd8b8b5): The North Korean TraderTraitor group stole $308 million from Japan's DMM Bitcoin, leveraging LinkedIn for social engineering and GitHub for malware delivery. By compromising a Japanese cryptocurrency wallet company, the group infiltrated its systems to manipulate legitimate transactions.
5. [Lazarus Group's DeathNote Campaign](https://sip.security.microsoft.com/intel-explorer/articles/3b7cea68): Lazarus Group continues targeting industries like aerospace and cryptocurrency through Operation DreamJob, using trojanized tools and DLL side-loading techniques. Recent attacks deploy advanced malware strains to evade detection, establish persistence, and enable lateral movement within targeted systems.
6. [Cloud Atlas 2024 Campaigns](https://sip.security.microsoft.com/intel-explorer/articles/caa75881): Cloud Atlas targets Eastern Europe and Central Asia with phishing emails exploiting Equation Editor vulnerabilities, delivering VBShower and VBCloud malware. These tools use PowerShell scripts for data theft, lateral movement, and exfiltration, with region-specific tactics to avoid detection.
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
Notes ★★
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat Cloud
Stories APT 38


The article does not appear to have been picked up after its publication.


The article does not appear to have been taken from a previous one.