Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2024-12-16 12:50:03 |
Weekly OSINT Highlights, 16 December 2024 (lien direct) |
## Snapshot
Last week\'s OSINT reporting highlighted a diverse range of cyber threats, emphasizing sophisticated malware, targeted attacks, and global threat actor activities. Credential theft and data exfiltration emerged as prominent attack types, as seen in campaigns like Bizfum Stealer and Meeten malware targeting cryptocurrency users. Phishing remained a key attack vector, deployed in operations like UAC-0185\'s MeshAgent campaign against Ukraine and APT-C-60\'s SpyGlace backdoor targeting Japan. Nation-state actors dominated the landscape, including North Korea\'s UNC4736 exploiting DeFi systems and China\'s espionage on critical industries, while hacktivists like Holy League targeted France amid geopolitical unrest. The attacks primarily focused on sensitive targets such as critical infrastructure, financial systems, and government entities, underscoring the rising risks to global cybersecurity.
## Description
1. [Bizfum Stealer:](https://sip.security.microsoft.com/intel-explorer/articles/b522b6ae) CYFIRMA researchers discovered "Bizfum Stealer," an advanced information-stealing malware designed to exfiltrate credentials, cookies, and sensitive files from infected systems. Targeting popular browsers and leveraging platforms like GoFile and Telegram, it employs sophisticated techniques for stealth, encryption, and evasion.
1. [IOCONTROL Malware:](https://sip.security.microsoft.com/intel-explorer/articles/5fa3e494) Team82 identified IOCONTROL, a modular malware linked to Iran\'s IRGC-CEC, targeting IoT and OT devices to disrupt fuel systems in the U.S. and Israel. The malware uses advanced techniques, including DNS-over-HTTPS and AES-256-CBC encryption, to evade detection while compromising critical infrastructure.
1. [Kimsuky\'s Million OK Campaign:](https://sip.security.microsoft.com/intel-explorer/articles/d1e1ee65) Hunt researchers uncovered infrastructure tied to North Korea\'s APT group Kimsuky, which employed domains mimicking South Korea\'s Naver platform to steal credentials. The campaign\'s infrastructure used distinctive HTTP responses, shared server configurations, and phishing techniques to target South Korean users.
1. [UNC4736 Cryptocurrency Heist](https://sip.security.microsoft.com/intel-explorer/articles/3a647a38): Mandiant attributed the $50 million cryptocurrency theft from Radiant Capital to North Korea\'s UNC4736. The attackers used malware to compromise trusted developers, executing unauthorized transactions that exploited DeFi multi-signature processes while bypassing robust security measures.
1. [PUMAKIT Malware Report](https://sip.security.microsoft.com/intel-explorer/articles/a16902ac): Elastic Security Labs detailed PUMAKIT, a modular Linux malware employing fileless execution, kernel rootkits, and syscall hooking for stealth and persistence. Its sophisticated architecture allows it to manipulate system behaviors, evade detection, and target older kernel versions with privilege escalation capabilities.
1. [Android Banking Trojan in India](https://sip.security.microsoft.com/intel-explorer/articles/5ff566b7): McAfee researchers uncovered a trojan targeting Indian Android users, masquerading as utility apps and stealing financial data via malicious APKs distributed on platforms like WhatsApp. The malware exfiltrates data using Supabase and employs stealth tactics, compromising over 400 devices and intercepting thousands of SMS messages.
1. [DarkGate Malware via Teams Call](https://sip.security.microsoft.com/intel-explorer/articles/5cac0381): Trend Micro identified an attack leveraging Microsoft Teams to distribute DarkGate malware through social engineering and remote desktop applications. The attacker used vishing to gain trust and access, deploying malware with persistence and evasion techniques before being intercepted.
1. [Socks5Systemz Botnet Resurgence](https://sip.security.microsoft.com/intel-explorer/articles/15cfbc2f): Bitsight TRACE uncovered the long-standing Socks5Systemz botnet, which peaked at 250,000 compr |
Ransomware
Malware
Tool
Vulnerability
Threat
Legislation
Mobile
Industrial
Prediction
Cloud
|
APT C 60
|
★★
|