Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
The Anatomy of a BlackCat (ALPHV) Attack
Source: SYGNIA
In 2023, Sygnia’s IR team was engaged by a client to investigate suspicious activities in the client’s network. The activities were ultimately identified as a financial extortion attack executed by the BlackCat (ALPHV) ransomware group or one of its affiliates, and included a massive data exfiltration. Read more.
Delving into Dalvik: A Look Into DEX Files
Source: MANDIANT
Through a case study of a banking trojan sample, this blog post aims to give an insight into the Dalvik Executable (DEX) file format, how it is constructed, and how it can be altered to make analysis easier. Additionally, we are releasing a tool called dexmod that exemplifies Dalvik bytecode patching and helps modify DEX files. Read more.
Server Killers Alliances: Here Is The List Of Hacker Groups
Source: GBHackers
A new tweet from Daily Dark Web reports that a group called The Server Killers has formed an alliance and is planning to launch cyber attacks on Moldova. Read more.
TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant
Source: KROLL
The Kroll Cyber Threat Intelligence (CTI) team discovered new malware resembling the VBScript-based BABYSHARK malware, which we’ve called TODDLERSHARK. Read more.
Cyber Dragon Attacks And Disables LinkedIn
Source: PRIVACY Affairs
The lesser-known but dangerous hacking group Cyber Dragon took LinkedIn offline recently as a result of a massive breach. As users reported, both the website and the app were intermittently down for more than 24 hours. Read more.
New Fakext malware targets Latin American banks
Source: Security Intelligence
In November 2023, security researchers at IBM Security Trusteer found new widespread malware dubbed Fakext that uses a malicious Edge extension to perform man-in-the-browser and web-injection attacks. Read more.
Check Point Research Alerts: Financially Motivated Magnet Goblin Group Exploits 1-Day Vulnerabilities to target Publicly Facing Servers
Source: CHECK POINT
Rapid Exploitation of 1-Day Vulnerabilities: Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting public-facing servers and edge devices. In some cases, exploits are deployed within 1 day of a POC being published, significantly increasing the threat level posed by this actor. Read more.
TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids
Source: Proofpoint
TA4903 is a financially motivated cybercriminal threat actor that spoofs both U.S. government entities and private businesses across many industries. The actor mostly targets organizations located in the United States, and occasionally organizations elsewhere in the world, with high-volume email campaigns. Proofpoint assesses with high confidence that the objectives of the campaigns are to steal corporate credentials, infiltrate mailboxes, and conduct follow-on business email compromise (BEC) activity. Read more.
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware
Source: The Hacker News
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems,” Zscaler ThreatLabz researchers said. Read more.
Ukraine’s GUR Hacked The Russian Ministry of Defense
Source: Security Affairs
The documents revealed the leadership of the Russian Ministry of Defense, as well as other high-ranking officials within its divisions, including deputies, assistants, and specialists who used the electronic document management system known as ‘bureaucrat’. Read more.