On to the last day of the controversial year, cybercrime is still rife, as the attack activities of the Quasar Family. Quasar is an open-source RAT with a variety of functions. This is easy to use and therefore exploited by several APT actors. Learn more in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

Attack Activities by Quasar Family

Source: JPCERT/CC

Quasar is an open source RAT with a variety of functions. This is easy to use and therefore exploited by several APT actors. Some variants of this RAT have been used in attacks against Japanese organisations, and they are seen as a threat as well as Quasar itself. Read more.

New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign

Source: cybereason

An active espionage campaign has been identified employing unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for C&C and the exfiltration of data. Read more.

PyMICROPSIA: New Information-Stealing Trojan from AridViper

Source: PaloAlto

As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets. Read more.

SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks

Source: Trend Micro

While tracking the activities of the SideWinder group, which has become infamous for targeting the South Asia region and its surrounding countries, Trend Micro identified a server used to deliver a malicious LNK file and host multiple credential phishing pages. Read more.

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Source: CISA

This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. Removing this threat actor from compromised environments will be highly complex and challenging for organizations. Read more.

NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources

Source: NSA | CSS

This advisory provides guidance to network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud. Read more.

Purgalicious VBA: Macro Obfuscation With VBA Purging

Source: Fire Eye

Malicious Office documents remain a favorite technique for every type of threat actor. In this blog post, we will discuss “VBA Purging”, a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. Read more.

The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF)

Source: IST

The Institute for Security and Technology (IST) is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime. Read more.