Dissemination of the Konni Campaign Through Malicious Documents
Summary: The Konni campaign has resurfaced in a new phishing attack employing a Russian-language Microsoft Word document to distribute malware. The malicious software aims to harvest sensitive information from compromised Windows hosts. Threat Level – Red | Attack Report For a detailed threat advisory, download the …
Atomic Stealer Sneaks In via Fake Browser Updates
Summary: The macOS information-stealing malware known as Atomic, or AMOS, is currently being delivered to targets through a deceptive web browser update chain known as ClearFake. ClearFake is a recent malware campaign that exploits compromised websites to distribute fake browser updates. Threat Level – Amber …
The Lethal Advancement of DarkGate Malware-as-a-Service
Summary: DarkGate, a formidable Remote Access Trojan (RAT), functions as a Malware-as-a-Service (MaaS) and is masterminded by the elusive RastaFarEye within the underground cybercrime landscape. The latest iteration, DarkGate 5.0.19, advances upon its predecessors with sophisticated evasion techniques and a comprehensive toolkit for credential theft, …
Mustang Panda Targets Philippines Government Using Legitimate Software
Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers relied on legitimate software, such as Solid PDF Creator and SmadavProtect (an Indonesia-based antivirus solution), …
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, has been conducting offensive operations since 2012 and has recently shifted its focus to Bhutan. It uses deceptive decoy content that ultimately leads to execution of the Nim Backdoor. The decoy content in the analyzed sample is sourced directly from announcements published on …
The Rise of NetSupport RAT Recent Infections and Sector Impact
Summary: Threat actors are repurposing NetSupport Manager, a legitimate remote administration tool, as a Remote Access Trojan (RAT), leading to a recent surge in infections across multiple sectors. The evolving attack chain involves deceptive website downloads, JavaScript payloads, and PowerShell commands, underscoring the need for vigilant detection and response measures. Threat …
Kinsing Malware Utilizes Apache ActiveMQ RCE to Deploy Rootkits
Summary: The Kinsing malware operator is actively exploiting the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware (aka h2miner), which functions as a cryptocurrency miner. Threat Level – Red …
Attacks, Vulnerabilities and Actors 13 November to 19 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries were identified. …
Gamaredon Deploys LitterDrifter USB Worm in Cyber Espionage Operations
Summary: Russian cyber espionage group Gamaredon (aka Primitive Bear) has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB drives and establish a …
Scattered Spider Cyber Threat Key Findings and Security Measures
Summary: Scattered Spider is a cybercriminal group known for targeting commercial facilities. This advisory highlights the group's evolving tactics, including social engineering expertise, phishing, and SIM swap attacks, as well as newer techniques such as encrypting files after exfiltration, used to maintain persistence and adapt to security measures. Threat Level – Red | Attack Report For …