Securonix Threat Labs

Intel Source:

NSA / Secureworks

Intel Name:

Chinese_APT_Group_BRONZE_SILHOUETTE_Targeting_US_Government_and_Defense_Organizations

Date of Scan:

2023-05-30

Impact:

MEDIUM

Summary:

SecureWorks researchers have discovered a cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

Source:
https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF

Intel Source:

Cyble

Intel Name:

Obsidian_ORB_Ransomware_Demanding_Payment_With_Gift_Cards

Date of Scan:

2023-05-30

Impact:

LOW

Summary:

Cyble researchers have come across a new and unique ransomware strain named Obsidian ORB. Extensive analysis has revealed compelling evidence that suggests a significant correlation between Obsidian ORB Ransomware and the underlying source code of the notorious Chaos ransomware.

Source:
https://blog.cyble.com/2023/05/25/obsidian-orb-ransomware-demands-gift-cards-as-payment/

Intel Source:

Cyble

Intel Name:

Ducktail_Malware_targets_a_high_profile_accounts

Date of Scan:

2023-05-30

Impact:

LOW

Summary:

Recently Cyble researchers recently discovered Ducktail malware that targets specifically Marketing and HR professionals. The malware is designed to extract browser cookies and take advantage of social media sessions to steal sensitive information from the victim’s Social Media account. The malware operation purpose is to gain control of Social Media Business accounts with adequate access privileges. TAs then use their acquired access to conduct advertisements for their financial gain.

Source:
https://blog.cyble.com/2023/05/17/ducktail-malware-focuses-on-targeting-hr-and-marketing-professionals/

Intel Source:

Cyble

Intel Name:

The_Invicta_Stealer_Spreading

Date of Scan:

2023-05-30

Impact:

LOW

Summary:

Cyble researcher Lab team discovered a new stealer called Invicta Stealer. The developer who is in charge of this malware is heavy involved on social media platforms, utilizing them to promote their information stealer and its lethal capabilities.

Source:
https://blog.cyble.com/2023/05/25/invicta-stealer-spreading-through-phony-godaddy-refund-invoices/

Intel Source:

CADO Security

Intel Name:

Legion_Malware_Targeting_SSH_Servers_and_AWS_Credentials

Date of Scan:

2023-05-29

Impact:

LOW

Summary:

CADO security researchers have identified an updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.

Source:
https://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker/

Intel Source:

Sentinelone

Intel Name:

Hackers_Targeting_Users_of_Portuguese_Financial_Institutions

Date of Scan:

2023-05-29

Impact:

MEDIUM

Summary:

SentinelOne researchers have observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group. The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain.

Source:
https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii/

Intel Source:

Trustwave

Intel Name:

Phishing_Delivering_via_Encrypted_Messages

Date of Scan:

2023-05-28

Impact:

MEDIUM

Summary:

Trustwave researchers have observed phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.

Source:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-encrypted-restricted-permission-messages-deliver-phishing/

Intel Source:

Zscaler

Intel Name:

The_Technical_Examination_of_Pikabot

Date of Scan:

2023-05-27

Impact:

LOW

Summary:

Researchers from Zscaler have identified a new malware trojan named Pikabot which emerged in early 2023 that consists of two components a loader and a core module.

Source:
https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot

Intel Source:

Cyble

Intel Name:

Over_200_Corporate_Victims_Hit_by_New_Ransomware_Wave

Date of Scan:

2023-05-27

Impact:

LOW

Summary:

Cyble Research and Intelligence Labs (CRIL) discovered the increasing adoption of double extortion by ransomware groups is an alarming trend. We are witnessing a surge in ransomware attacks that not only encrypt valuable corporate data but also involve the threat of public exposure unless the attackers’ demands are fulfilled.

Source:
https://blog.cyble.com/2023/05/23/new-ransomware-wave-engulfs-over-200-corporate-victims/

Intel Source:

Sentilone

Intel Name:

Ongoing_Kimsuky_Campaign_Utilizing_Custom_Reconnaissance_Toolkit

Date of Scan:

2023-05-27

Impact:

MEDIUM

Summary:

SentinelLabs have tracking a targeted campaign against information services, as well as organizations supporting human rights activists and defectors in relation to North Korea. The campaign focuses on file reconnaissance, and exfiltrating system and hardware information, laying the groundwork for subsequent precision attacks.

Source:
https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/