What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-24 23:34:10 | Onyx Sleet utilise une gamme de logiciels malveillants pour recueillir l'intelligence pour la Corée du Nord Onyx Sleet uses array of malware to gather intelligence for North Korea (lien direct) |
#### Targeted Geolocations - India - Korea - United States - Southeast Asia - North America #### Targeted Industries - Information Technology - Defense Industrial Base - Government Agencies & Services ## Snapshot On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet\'s activity to assess changes following the indictment. First observed by Microsoft in 2014, Onyx Sleet has conducted cyber espionage through numerous campaigns aimed at global targets with the goal of intelligence gathering. More recently, it has expanded its goals to include financial gain. This threat actor operates with an extensive set of custom tools and malware, and regularly evolves its toolset to add new functionality and to evade detection, while keeping a fairly uniform attack pattern. Onyx Sleet\'s ability to develop a spectrum of tools to launch its tried-and-true attack chain makes it a persistent threat, particularly to targets of interest to North Korean intelligence, like organizations in the defense, engineering, and energy sectors. Microsoft tracks campaigns related to Onyx Sleet and directly notifies customers who have been targeted or compromised, providing them with the necessary information to help secure their environments. ## Activity Overview ### Who is Onyx Sleet? Onyx Sleet conducts cyber espionage primarily targeting military, defense, and technology industries, predominately in India, South Korea, and the United States. This threat actor has historically leveraged spear-phishing as a means of compromising target environments; however, in recent campaigns, they have mostly exploited N-day vulnerabilities, leveraging publicly available and custom exploits to gain initial access. In October 2023, Onyx Sleet [exploited the TeamCity CVE-2023-42793 vulnerability](https://security.microsoft.com/intel-explorer/articles/b4f39b04) [as a part of a targeted attack](https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2023-42793/overview). Exploiting this vulnerability enabled the threat actor to perform a remote code execution attack and gain administrative control of the server. Onyx Sleet develops and uses a spectrum of tools that range from custom to open source. They have built an extensive set of custom remote access trojans (RATs) that they use in campaigns, and routinely developed new variants of these RATs to add new functionality and implement new ways of evading detection. Onyx Sleet often uses leased virtual private servers (VPS) and compromised cloud infrastructure for command-and-control (C2). Onyx Sleet is tracked by other security companies as SILENT CHOLLIMA, Andariel, DarkSeoul, Stonefly, and TDrop2. **Affiliations with other threat actors originating from North Korea** Onyx Sleet has demonstrated affiliations with other North Korean actors, indicating its integration with a broader network of North Korean cyber operations. Microsoft has observed [an overlap](https://www.microsoft.com/en-us/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/) between Onyx Sleet and [Storm-0530](https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/). Both groups were observed operating within the same infrastructure and were involved in the development and use of ransomware in attacks in late 2021 and 2022. **Onyx Sleet targets** In pursuit of its primary goal of intelligence collection, Onyx Sleet has focused on targeting entities in the defense and energy industries, predominately in India, South Korea, and the United States. Recent att | Ransomware Malware Tool Vulnerability Threat Industrial Cloud Technical Commercial | APT 38 | |
 |
2023-11-20 06:31:18 | Circonstances d'une attaque exploitant un programme de gestion des actifs (Andariel Group) Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group) (lien direct) |
L'équipe d'analyse ASEC a identifié les circonstances du groupe Andariel distribuant des logiciels malveillants via une attaque en utilisant une certaine gestion des actifsprogramme.Le groupe Andariel est connu pour être dans une relation coopérative avec ou une organisation filiale du groupe Lazare.Le groupe Andariel lance généralement des attaques de phishing de lance, d'arrosage ou de chaîne d'approvisionnement pour la pénétration initiale.Il existe également un cas où le groupe a exploité une solution de gestion centrale pendant le processus d'installation de logiciels malveillants.Récemment, le groupe Andariel ...
The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group... |
Malware Technical | APT 38 APT 38 | ★★★ |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
