Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

International operation closes down Piilopuoti dark web marketplace
In a significant victory against dark web criminals, the Finnish Customs (Tulli), together with European partners, has successfully taken down the dark web marketplace ‘Piilopuoti’. Read more.

‘Culturestreak’ Malware Lurks Inside GitLab Python Package
In what’s becoming an all-too-common occurrence in the current threat landscape, security researchers have found yet another malicious open source package, this time an active Python file on GitLab that hijacks system resources to mine cryptocurrency. Read more.

Fake WinRAR proof-of-concept exploit drops VenomRAT malware
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware. Read more.

Navigating the Digital Shadows: How Bad Actors Leverage Data Brokers to Target You

Source: Security Boulevard

While data brokerage is a legitimate business, its implications for privacy are concerning. Even more disturbing is the fact that this wealth of information doesn’t just attract legitimate businesses—it’s also a goldmine for cybercriminals. Read more.

How Choosing Authentication Is a Business-Critical Decision
While remote work has its benefits, it also yields increased risk and an expanded attack surface. Ubiquitous remote access technologies and cloud usage growth are the top contributors to the elevated risk of credential theft. Read more.

Scam-as-a-Service Classiscam Expands Impersonation in Attacks to Include Over 250 Brands

Source: KnowBe4

Now entering its third year in business, the phishing platform Classiscam represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide. Read more.

Unveiling The Shadows: The Dark Alliance Between GuLoader and Remcos
GuLoader and Remcos, which are positioned as legitimate tools, are constantly used in attacks and occupy top positions in the most prevalent malware rankings. While the sellers state that these tools should only be employed lawfully, a deeper truth is that their primary customers are none other than cybercriminals. Read more.

Scattered Spider: 2023’s most powerful threat actor?
According to a report by Mandiant Intelligence, Scattered Spider (codenamed UNC3944) is a financially motivated threat cluster that has persistently used phone-based social engineering and smishing (SMS phishing) campaigns to obtain credentials of its victims and launch cyberattacks. Read more.

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel implants

Source: Cisco Talos

We assess with high confidence that both implants belong to a new intrusion set we’re calling “ShroudedSnooper.” Based on the HTTP URL patterns used in the implants, such as those mimicking Microsoft’s Exchange Web Services (EWS) platform, we assess that this threat actor likely exploits internet-facing servers and deploys HTTPSnoop to gain initial access. Read more.

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
APT29 has used various infection chains simultaneously across different operations, indicating that distinct initial access operators or subteams are possibly operating in parallel to service different regional targets or espionage objectives. Read more.

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

Source: Sentinel LABS

Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, a relatively rare occurrence in the threat landscape. We refer to this malware as LuaDream. Read more.

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Source: The Hacker News

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. Read more.

GOLD MELODY: Profile of an Initial Access Broker

Source: Secureworks

Secureworks® Counter Threat Unit™ (CTU) analysis indicates that the GOLD MELODY threat group acts as an initial access broker (IAB) that sells access to compromised organizations for other cybercriminals to exploit. This financially motivated group has been active since at least 2017, compromising organizations by exploiting vulnerabilities in unpatched internet-facing servers. Read more.

Web3 Platform Mixin Network Hit by $200m Crypto Hack

Source: Infosecurity Magazine

Hong Kong-based decentralized finance (DeFi) project Mixin Network lost around $200m in cryptocurrency in what could already be one of the biggest hacks targeting a web3 platform. Read more.