What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-08 15:09:15 | Faits saillants hebdomadaires, 8 avril 2024 Weekly OSINT Highlights, 8 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals several key trends emerge in the realm of cybersecurity threats. Firstly, there is a notable diversification and sophistication in attack techniques employed by threat actors, ranging from traditional malware distribution through phishing emails to advanced methods like DLL hijacking and API unhooking for evading detection. Secondly, the threat landscape is characterized by the presence of various actors, including state-sponsored groups like Earth Freybug (a subset of APT41) engaging in cyberespionage and financially motivated attacks, as well as cybercrime actors orchestrating malware campaigns such as Agent Tesla and Rhadamanthys. Thirdly, the targets of these attacks span across different sectors and regions, with organizations in America, Australia, and European countries facing significant threats. Additionally, the emergence of cross-platform malware like DinodasRAT highlights the adaptability of threat actors to target diverse systems, emphasizing the need for robust cybersecurity measures across all platforms. Overall, these trends underscore the dynamic and evolving nature of cyber threats, necessitating continuous vigilance and proactive defense strategies from organizations and cybersecurity professionals. **1. [Latrodectus Loader Malware Overview](https://sip.security.microsoft.com/intel-explorer/articles/b4fe59bf)** Latrodectus is a new downloader malware, distinct from IcedID, designed to download payloads and execute arbitrary commands. It shares characteristics with IcedID, indicating possible common developers. **2. [Earth Freybug Cyberespionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/327771c8)** Earth Freybug, a subset of APT41, engages in cyberespionage and financially motivated attacks since at least 2012. The attack involved sophisticated techniques like DLL hijacking and API unhooking to deploy UNAPIMON, evading detection and enabling malicious commands execution. **3. [Agent Tesla Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/cbdfe243)** Agent Tesla malware targets American and Australian organizations through phishing campaigns aimed at stealing email credentials. Check Point Research identified two connected cybercrime actors behind the operation. **4. [DinodasRAT Linux Version Analysis](https://sip.security.microsoft.com/intel-explorer/articles/57ab8662)** DinodasRAT, associated with the Chinese threat actor LuoYu, is a cross-platform backdoor primarily targeting Linux servers. The latest version introduces advanced evasion capabilities and is installed to gain additional footholds in networks. **5. [Rhadamanthys Information Stealer Malware](https://sip.security.microsoft.com/intel-explorer/articles/bf8b5bc1)** Rhadamanthys utilizes Google Ads tracking to distribute itself, disguising as popular software installers. After installation, it injects into legitimate Windows files for data theft, exploiting users through deceptive ad redirects. **6. [Sophisticated Phishing Email Malware](https://sip.security.microsoft.com/intel-explorer/articles/abfabfa1)** A phishing email campaign employs ZIP file attachments leading to a series of malicious file downloads, culminating in the deployment of PowerShell scripts to gather system information and download further malware. **7. [AceCryptor Cryptors-as-a-Service (CaaS)](https://sip.security.microsoft.com/intel-explorer/articles/e3595388)** AceCryptor is a prevalent cryptor-as-a-service utilized in Rescoms campaigns, particularly in European countries. Threat actors behind these campaigns abuse compromised accounts to send spam emails, aiming to obtain credentials for further attacks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to ge | Ransomware Spam Malware Tool Threat Cloud | APT 41 | ★★★ |
|
2024-03-05 19:03:47 | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI (lien direct) |
## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a | Ransomware Malware Tool Vulnerability Threat Studies Medical Technical | APT 28 ChatGPT APT 4 | ★★ |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
