Malicious CPU-Z App Distributed Through Ads on Fake Windows News Site
Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A threat actor has been using Google Ads as a platform to distribute a tampered version of the CPU-Z tool. CPU-Z is a widely used utility that provides information about various hardware …
Farnetwork the Mastermind of Five Ransomware Strains
Attack Report. Summary: Farnetwork, a highly skilled threat actor fluent in Russian, has played a key role in five distinct ransomware-as-a-service (RaaS) programs, assuming diverse roles such as orchestrator and contributor to malware development. …
BlazeStealer Malware Uncovered in Python Packages on PyPI
Attack Report. Summary: The Python Package Index (PyPI) repository has been infiltrated with a number of malicious Python packages. These packages masquerade as obfuscation tools; however, they harbor BlazeStealer malware, which initiates a Discord bot that grants …
Chinese APT Masquerading as Cloud Services in Cambodia
Attack Report. Summary: A Chinese APT targets the Cambodian government via disguised cloud services, aiming to access sensitive data, aligning with China’s regional interests. Actors adapt work hours, signaling Chinese origin, urging protective measures against state-backed …
Millenium RAT the $30 Access Ticket to Data Theft
Attack Report. Summary: The Millenium RAT, a Win32 executable built on .NET, specifically version 2.4, is available on GitHub for a one-time fee of $30, granting lifetime access. Notably, this RAT is actively developed …
SideCopy Leverages Multi-platform RAT, Assaults Indian Government Entities
Attack Report. Summary: A Pakistan-linked threat actor named SideCopy is capitalizing on WinRAR’s CVE-2023-38831 vulnerability to target Indian government agencies. This security vulnerability facilitates the distribution of various trojans, enabling attackers to gain …
BlueNoroff Unleashes New macOS Malware ObjCShellz
Attack Report. Summary: A new macOS malware variant named “ObjCShellz,” linked to the financially motivated BlueNoroff APT group, features remote shell capabilities and suspicious domain communication. The malware, written in Objective-C, serves as a …
Iran-Backed Agrius APT’s Attacks on Israeli Institutions
Attack Report. Summary: In a series of harmful cyberattacks that occurred from January 2023 to October 2023, the Iranian-backed Advanced Persistent Threat (APT) group known as Agrius targeted Israel’s education and technology sectors with …
Jupyter Infostealer Returns with New Addition to Its Arsenal
Attack Report. Summary: Jupyter Infostealer is a malware variant initially discovered in late 2020. Since then, it has undergone continued evolution, altering its delivery methods and techniques to avoid detection and establish persistence on …
Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments
Actor Report. Summary: The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as “Looney Tunables (CVE-2023-4911)” as part of a new campaign aimed at breaching cloud environments. This …