What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
RiskIQ.webp 2024-09-30 13:21:55 Faits saillants hebdomadaires OSINT, 30 septembre 2024
Weekly OSINT Highlights, 30 September 2024 (lien direct)		 ## Snapshot Last week\'s OSINT reporting highlighted diverse cyber threats involving advanced attack vectors and highly adaptive threat actors. Many reports centered on APT groups like Patchwork, Sparkling Pisces, and Transparent Tribe, which employed tactics such as DLL sideloading, keylogging, and API patching. The attack vectors ranged from phishing emails and malicious LNK files to sophisticated malware disguised as legitimate software like Google Chrome and Microsoft Teams. Threat actors targeted a variety of sectors, with particular focus on government entities in South Asia, organizations in the U.S., and individuals in India. These campaigns underscored the increased targeting of specific industries and regions, revealing the evolving techniques employed by cybercriminals to maintain persistence and evade detection. ## Description 1. [Twelve Group Targets Russian Government Organizations](https://sip.security.microsoft.com/intel-explorer/articles/5fd0ceda): Researchers at Kaspersky identified a threat group called Twelve, targeting Russian government organizations. Their activities appear motivated by hacktivism, utilizing tools such as Cobalt Strike and mimikatz while exfiltrating sensitive information and employing ransomware like LockBit 3.0. Twelve shares infrastructure and tactics with the DARKSTAR ransomware group. 2. [Kryptina Ransomware-as-a-Service Evolution](https://security.microsoft.com/intel-explorer/articles/2a16b748): Kryptina Ransomware-as-a-Service has evolved from a free tool to being actively used in enterprise attacks, particularly under the Mallox ransomware family, which is sometimes referred to as FARGO, XOLLAM, or BOZON. The commoditization of ransomware tools complicates malware tracking as affiliates blend different codebases into new variants, with Mallox operators opportunistically targeting \'timely\' vulnerabilities like MSSQL Server through brute force attacks for initial access. 3. [North Korean IT Workers Targeting Tech Sector:](https://sip.security.microsoft.com/intel-explorer/articles/bc485b8b) Mandiant reports on UNC5267, tracked by Microsoft as Storm-0287, a decentralized threat group of North Korean IT workers sent abroad to secure jobs with Western tech companies. These individuals disguise themselves as foreign nationals to generate revenue for the North Korean regime, aiming to evade sanctions and finance its weapons programs, while also posing significant risks of espionage and system disruption through elevated access. 4. [Necro Trojan Resurgence](https://sip.security.microsoft.com/intel-explorer/articles/00186f0c): Kaspersky\'s Secure List reveals the resurgence of the Necro Trojan, impacting both official and modified versions of popular applications like Spotify and Minecraft, and affecting over 11 million Android devices globally. Utilizing advanced techniques such as steganography to hide its payload, the malware allows attackers to run unauthorized ads, download files, and install additional malware, with recent attacks observed across countries like Russia, Brazil, and Vietnam. 5. [Android Spyware Campaign in South Korea:](https://sip.security.microsoft.com/intel-explorer/articles/e4645053) Cyble Research and Intelligence Labs (CRIL) uncovered a new Android spyware campaign targeting individuals in South Korea since June 2024, which disguises itself as legitimate apps and leverages Amazon AWS S3 buckets for exfiltration. The spyware effectively steals sensitive data such as SMS messages, contacts, images, and videos, while remaining undetected by major antivirus solutions. 6. [New Variant of RomCom Malware:](https://sip.security.microsoft.com/intel-explorer/articles/159819ae) Unit 42 researchers have identified "SnipBot," a new variant of the RomCom malware family, which utilizes advanced obfuscation methods and anti-sandbox techniques. Targeting sectors such as IT services, legal, and agriculture since at least 2022, the malware employs a multi-stage infection chain, and researchers suggest the threat actors\' motives might have s Ransomware Malware Tool Vulnerability Threat Patching Mobile ChatGPT APT 36 ★★
knowbe4.webp 2023-06-13 13:00:00 CyberheistNews Vol 13 # 24 [Le biais de l'esprit \\] le prétexage dépasse désormais le phishing dans les attaques d'ingénierie sociale
CyberheistNews Vol 13 #24 [The Mind\\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks (lien direct)		 CyberheistNews Vol 13 #24 CyberheistNews Vol 13 #24  |   June 13th, 2023 [The Mind\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let\'s drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor\'s bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn\'t all doom and Spam Malware Vulnerability Threat Patching Uber APT 37 ChatGPT ChatGPT APT 43 ★★
Last update at: 2025-05-10 19:07:39
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter