Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-01-29 14:00:00 |
Adversarial Misuse of Generative AI (direct link) |
Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.
Much of the current discourse around cyber threat actors' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don't necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google's AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google's Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks.
We believe the private sector, governments, educational institutions, and other stakeholders must work together to maximize AI's benefits while also reducing the risks of abuse. At Google, we are committed to developing responsible AI guided by our principles, and we share |
Ransomware
Malware
Tool
Vulnerability
Threat
Studies
Legislation
Mobile
Industrial
Cloud
Technical
Commercial
|
APT 41
APT 43
APT 42
|
★★★
|
 |
2024-08-19 10:58:28 |
Weekly OSINT Highlights, 19 August 2024 (direct link) |
## Snapshot
Last week's OSINT reporting highlighted phishing as the most common attack vector, often initiating attack chains that included ransomware deployments. Advanced persistent threats (APTs) such as Silver Fox and Emerald Sleet leveraged targeted phishing, sophisticated malware and evasion to compromise high-value targets, including government organizations, financial institutions and civil society groups. Reports on RansomEXX, Mad Liberator and Cronus, which used social engineering, remote management tools and obfuscated scripts to disable defenses and extort victims, underscored the widespread ransomware threat. Abuse of remote monitoring and management (RMM) and other legitimate tools also emerged as a key trend, with threat actors exploiting tools such as AnyDesk and Atera for data theft and ransomware payload deployment.
## Description
1. [Ongoing ValleyRAT campaign targets Chinese businesses](https://sip.security.microsoft.com/intel-explorer/articles/f86cace2): FortiGuard Labs identified a ValleyRAT campaign aimed at Chinese businesses in sectors such as e-commerce, finance and management. The attack, attributed to the APT group "Silver Fox", uses advanced techniques such as shellcode execution, sleep obfuscation and reflective DLL loading to gain persistence and escalate privileges, indicating a highly targeted operation against key industries in China.
2. [Banshee Stealer: a new macOS threat from Russian actors](https://sip.security.microsoft.com/intel-explorer/articles/36a81450): Elastic Security Labs reported on Banshee Stealer, a sophisticated macOS malware developed by Russian threat actors. This malware, targeting the x86_64 and ARM64 architectures, is designed to steal system information, browser data and cryptocurrency wallets, and it uses evasion techniques to avoid detection, in particular in Russian regions.
3. … business inquiry. The malware, a powerful information stealer, can capture keystrokes, steal credentials and execute additional payloads, leveraging obfuscation and encryption to evade detection.
4. [EDRKillShifter identified in failed ransomware attack](https://sip.security.microsoft.com/intel-explorer/articles/f5878aee): Sophos analysts discovered EDRKillShifter, a utility used in a failed ransomware attempt to disable endpoint detection and response (EDR) tools. The tool is deployed via a "bring your own vulnerable driver" (BYOVD) tactic, indicating a sophisticated approach to compromising targeted systems.
5. [RansomEXX targets India's banking sector](https://sip.security.microsoft.com/intel-explorer/articles/ded5ac3e): CloudSEK researchers discovered a ransomware attack by the RansomEXX group targeting India's banking ecosystem. The attack exploited a misconfigured Jenkins server, leveraging sophisticated encryption algorithms to make data recovery nearly impossible.
6. [Tusk campaign targets cryptocurrency wallets](https://sip.security.microsoft.com/intel-explorer/articles/f633bbf2): Kaspersky's GERT identified the Tusk campaign, run by Russian threat actors, targeting cryptocurrency wallets and gaming accounts. The campaign uses social engineering and complex malware delivery mechanisms to evade detection and compromise victims.
7. [APT42 phishing campaigns target Israel and the United States](https://sip.security.mic |
Ransomware
Malware
Tool
Threat
Prediction
|
APT 41
APT 42
|
★★★
|
 |
2024-06-05 14:00:00 |
Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics (direct link) |
Written by: Michelle Cantos, Jamie Collier
Executive Summary
Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations.
Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.
Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics, while China, Iran, and North Korea state-sponsored actors pose a moderate to low risk.
To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks.
The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience.
Introduction
The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons:
Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending.
Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high-profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified.
Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations.
Financially-motivated actors are likely to target the Olympics in v |
Ransomware
Malware
Threat
Studies
Mobile
Cloud
Technical
|
APT 15
APT 31
APT 42
|
★★
|
 |
2024-04-25 10:00:00 |
Poll Vaulting: Cyber Threats to Global Elections (direct link) |
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections.
Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts.
When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure.
Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity.
Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google's Advanced Protection Program to protect high-risk accounts.
Introduction
The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture.
The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence.
|
Ransomware
Malware
Hack
Tool
Vulnerability
Threat
Legislation
Cloud
Technical
|
APT 40
APT 29
APT 28
APT 43
APT 31
APT 42
|
★★★
|
 |
2023-03-14 17:32:00 |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (direct link) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking apps from around the world, with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version, Xenomorph v3 (Xenomorph.C), is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing the Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: GUI Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware
Malware
Tool
Vulnerability
Threat
Guideline
Conference
|
APT 35
ChatGPT
APT 36
APT 42
|
★★
|
|