
Autonomous Threat Sweeper
Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
Latest ATS Entries
All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.
—
- Intel Source:
- NSA / Secureworks
- Intel Name:
- Chinese_APT_Group_BRONZE_SILHOUETTE_Targeting_US_Government_and_Defense_Organizations
- Date of Scan:
- 2023-05-30
- Impact:
- MEDIUM
- Summary:
- SecureWorks researchers have discovered a cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.
—
- Intel Source:
- Cyble
- Intel Name:
- Obsidian_ORB_Ransomware_Demanding_Payment_With_Gift_Cards
- Date of Scan:
- 2023-05-30
- Impact:
- LOW
- Summary:
- Cyble researchers have come across a new and unique ransomware strain named Obsidian ORB. Extensive analysis has revealed compelling evidence that suggests a significant correlation between Obsidian ORB Ransomware and the underlying source code of the notorious Chaos ransomware.
Source:
https://blog.cyble.com/2023/05/25/obsidian-orb-ransomware-demands-gift-cards-as-payment/
—
- Intel Source:
- Cyble
- Intel Name:
- Ducktail_Malware_targets_a_high_profile_accounts
- Date of Scan:
- 2023-05-30
- Impact:
- LOW
- Summary:
- Cyble researchers recently discovered Ducktail malware that specifically targets Marketing and HR professionals. The malware is designed to extract browser cookies and take advantage of social media sessions to steal sensitive information from the victim's Social Media account. The purpose of the malware operation is to gain control of Social Media Business accounts with adequate access privileges. The threat actors (TAs) then use their acquired access to run advertisements for their financial gain.
—
- Intel Source:
- Cyble
- Intel Name:
- The_Invicta_Stealer_Spreading
- Date of Scan:
- 2023-05-30
- Impact:
- LOW
- Summary:
- Cyble's research lab team discovered a new stealer called Invicta Stealer. The developer in charge of this malware is heavily involved on social media platforms, using them to promote their information stealer and its lethal capabilities.
Source:
https://blog.cyble.com/2023/05/25/invicta-stealer-spreading-through-phony-godaddy-refund-invoices/
—
- Intel Source:
- CADO Security
- Intel Name:
- Legion_Malware_Targeting_SSH_Servers_and_AWS_Credentials
- Date of Scan:
- 2023-05-29
- Impact:
- LOW
- Summary:
- CADO Security researchers have identified an updated version of the commodity malware Legion that comes with expanded features to compromise SSH servers and harvest Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.
Source:
https://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker/
—
- Intel Source:
- SentinelOne
- Intel Name:
- Hackers_Targeting_Users_of_Portuguese_Financial_Institutions
- Date of Scan:
- 2023-05-29
- Impact:
- MEDIUM
- Summary:
- SentinelOne researchers have observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group. The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain.
—
- Intel Source:
- Trustwave
- Intel Name:
- Phishing_Delivering_via_Encrypted_Messages
- Date of Scan:
- 2023-05-28
- Impact:
- MEDIUM
- Summary:
- Trustwave researchers have observed phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.
—
- Intel Source:
- Zscaler
- Intel Name:
- The_Technical_Examination_of_Pikabot
- Date of Scan:
- 2023-05-27
- Impact:
- LOW
- Summary:
- Researchers from Zscaler have identified a new trojan named Pikabot, which emerged in early 2023 and consists of two components: a loader and a core module.
Source:
https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot
—
- Intel Source:
- Cyble
- Intel Name:
- Over_200_Corporate_Victims_Hit_by_New_Ransomware_Wave
- Date of Scan:
- 2023-05-27
- Impact:
- LOW
- Summary:
- Cyble Research and Intelligence Labs (CRIL) notes that the increasing adoption of double extortion by ransomware groups is an alarming trend. CRIL is witnessing a surge in ransomware attacks that not only encrypt valuable corporate data but also threaten public exposure unless the attackers' demands are fulfilled.
Source:
https://blog.cyble.com/2023/05/23/new-ransomware-wave-engulfs-over-200-corporate-victims/
—
- Intel Source:
- SentinelOne
- Intel Name:
- Ongoing_Kimsuky_Campaign_Utilizing_Custom_Reconnaissance_Toolkit
- Date of Scan:
- 2023-05-27
- Impact:
- MEDIUM
- Summary:
- SentinelLabs has been tracking a targeted campaign against information services, as well as organizations supporting human rights activists and defectors in relation to North Korea. The campaign focuses on file reconnaissance and on exfiltrating system and hardware information, laying the groundwork for subsequent precision attacks.
Source:
https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/
Shared Security Content on Sigma
Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.
What's New from Threat Labs
- Securonix Threat Labs Security Advisory: Latest Update: Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads
- Securonix Threat Labs Security Advisory: New OCX#HARVESTER Attack Campaign Leverages Modernized More_eggs Suite to Target Victims