Lazarus’s Operation Blacksmith Deploys Novel Dlang RATs
Summary: The Lazarus Group, a North Korea-linked threat actor, has been identified in a new global campaign called “Operation Blacksmith.” In this campaign, the group opportunistically exploits the security vulnerability CVE-2021-44228 in Log4j to deploy previously undocumented RATs on compromised hosts, namely NineRAT, DLRAT, and …
Attacks, Vulnerabilities and Actors 4 December to 10 December 2023
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eleven attacks were executed, eleven vulnerabilities were uncovered, and four active adversaries were identified. …
Decoding MrAnon Stealer’s Plot through Deceptive Emails
Summary: A phishing email campaign employs misleading booking details to lure victims, aiming to deploy a Python-based information stealer known as MrAnon Stealer. This malicious software is designed to pilfer victims’ credentials, system details, browser sessions, and cryptocurrency extensions. Threat Level – Amber | Attack …
APT28’s Tactical Exploitation of Critical Vulnerabilities
Summary: The APT28 adversary, originating from Russia, has garnered notoriety through sophisticated phishing activities. By exploiting patched vulnerabilities as an initial access point, APT28 conducts extensive campaigns targeting diverse sectors, including government, aerospace, education, finance, manufacturing, and technology. The primary objectives encompass extracting user credentials …
New Linux Krasue RAT Targeting Telecom Companies in Thailand
Summary: Krasue, a new Linux Remote Access Trojan, targets Thai organizations, primarily in telecommunications, using embedded rootkits and a unique RTSP-based communication tactic. Believed to be connected to XorDdos, it evades detection through various stealth measures, emphasizing the importance of heightened cybersecurity vigilance. Threat Level …
Star Blizzard Continues to Refine Their Tradecraft for Evasion and Stealth
Summary: The Russia-based threat actor, Star Blizzard, continues to utilize spear-phishing attacks successfully, targeting organizations and individuals across various geographical regions for information-gathering activities. Star Blizzard has improved its detection evasion capabilities since 2022 while remaining focused on email credential theft against the same set …
Atlassian Addresses Critical RCE Flaws
Summary: Four critical vulnerabilities, namely CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471, have been identified impacting the Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. If successfully exploited, these vulnerabilities could lead to remote code execution, posing a significant security risk. Threat Level …
A New Face of AsyncRAT Utilizes WSF Scripts to Spread
Summary: AsyncRAT is a remote access trojan (RAT) malware known for stealing credentials and executing various malicious activities since 2019. Its recent variant, distributed through WSF script files, employs sophisticated fileless techniques, emphasizing the importance of user caution and robust security measures. Threat Level – …
DanaBot Stealer: Multistage MaaS Malware Resurfaces
Summary: DanaBot is a covert malware designed for the discreet theft of sensitive data for financial gain. Unlike ransomware, its focus is on prolonged persistence rather than immediate disruption. Functioning as a malware-as-a-service (MaaS) platform, DanaBot is versatile, targeting individuals, businesses, and government organizations alike. …
From Brute-Force to BlueSky Ransomware
Summary: A focused campaign targeted publicly accessible MSSQL servers, with the attackers using Cobalt Strike and Tor2Mine. After gaining network access, the adversaries deployed the BlueSky ransomware across the entire network. Threat Level – Amber | Attack Report For a detailed …