CYFIRMA: Cybersecurity Dossier - Aug 25, 2023
Threat Actor in Focus: A New APT Carderbee Exploits Legitimate Software for Malware Distribution
A newly identified advanced persistent threat (APT) group, tracked as Carderbee, has carried out a supply chain attack that uses the legitimate Cobra DocGuard software to reach victim machines and deploy the Korplug backdoor (also known as PlugX). The attackers signed their malware with a legitimate Microsoft certificate, which helped it evade detection and lent it credibility; a valid signature on its own should therefore not be treated as proof that a binary is benign. Victims are predominantly in Hong Kong, with some elsewhere in Asia, and the campaign's primary aim was to distribute Korplug. The campaign's origins remain uncertain: although Korplug is associated with several APT groups, this activity could not be definitively linked to any known threat actor.
The Persistent Danger of Remcos RAT
Within the ever-evolving landscape of cybersecurity threats, our investigation has uncovered a sophisticated ecosystem where the Remcos Remote Access Trojan (RAT) thrives. This ecosystem is supported by a diverse array of servers that function as command and control (C2) centres, orchestrating the distribution of Remcos RAT and various other malicious files to compromised systems. As part of our commitment to ensuring digital security, this report delves into a thorough analysis of the Remcos RAT, revealing a web of malicious IPs, intricate payloads, and techniques. By dissecting the modus operandi of this threat, we endeavour to equip organizations and individuals with the insights needed to fortify their defences against this persistent and sophisticated cyber menace.
Unmasking – EVLF DEV-The Creator of CypherRAT and CraxsRAT
'Malware-as-a-service' (MaaS) has been around for some time, but lately it has become increasingly easy for cybercriminals to kick-start their operations without learning malware development themselves. MaaS operators like EVLF, FusionCore, and others are making it easier for threat actors to weaponize malware for specific use cases. This investigation looks at a MaaS operation distributing an Android RAT that is more destructive than any other Android RAT documented by cybersecurity organizations.
CYFIRMA Industry Report : INFORMATION TECHNOLOGY
Welcome to the CYFIRMA infographic industry report, where we delve into the external threat landscape of the Information Technology industry over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting IT organizations, including services, software and hardware. We aim to present an industry-specific overview in a convenient, engaging, and informative format.
Ransomware of the Week
Researchers have identified a new ransomware strain called INC, targeting large commercial entities. The ransomware encrypts files and appends the ".INC" extension to them. Once encryption is complete, INC drops a ransom note named "INC-README.txt". It targets the Windows operating system, which is commonly used by organizations across many industries.
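The two file-system indicators above (the ".INC" extension and the "INC-README.txt" note) are enough to build a simple host-level heuristic. The following is an added example, not CYFIRMA's code: it runs over constructed file-event telemetry and flags a process either when it creates the ransom note or when it renames a burst of files to ".INC" inside a short window. The event record layout, the burst threshold and the window are assumptions chosen for illustration; a single ".inc" rename is deliberately not flagged, since legitimate include files use that extension too.

```python
"""Heuristic detection of INC-style ransomware activity from file-event telemetry.

Added example (not CYFIRMA's code). Indicators come from the report: files renamed
to a ".INC" extension and a ransom note named "INC-README.txt". The FileEvent
layout, thresholds and sample data below are assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

RANSOM_EXT = ".inc"             # extension INC appends to encrypted files
RANSOM_NOTE = "inc-readme.txt"  # ransom note filename reported for INC

# Assumed tuning: five .INC renames by one process inside 60 s counts as a burst.
RENAME_THRESHOLD = 5
WINDOW = timedelta(seconds=60)


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    host: str
    pid: int
    op: str    # "rename" (path is the destination) or "create"
    path: str


def basename(path: str) -> str:
    """Last path component, lower-cased; accepts Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def detect_inc_activity(events):
    """Return (host, pid, reason) alerts; at most one alert per process per reason."""
    alerts = []
    seen = set()
    windows = defaultdict(deque)  # (host, pid) -> timestamps of recent .INC renames
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.pid)
        if ev.op == "create" and basename(ev.path) == RANSOM_NOTE:
            if (key, "ransom_note") not in seen:
                seen.add((key, "ransom_note"))
                alerts.append((ev.host, ev.pid, "ransom_note"))
        elif ev.op == "rename" and basename(ev.path).endswith(RANSOM_EXT):
            q = windows[key]
            q.append(ev.ts)
            while q and ev.ts - q[0] > WINDOW:   # drop renames older than the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and (key, "mass_rename") not in seen:
                seen.add((key, "mass_rename"))
                alerts.append((ev.host, ev.pid, "mass_rename"))
    return alerts


def sample_events():
    """Constructed telemetry (not from the report): one infected host, two benign ones."""
    t0 = datetime(2023, 8, 25, 10, 0, 0)
    evs = []
    # ws01: process 4242 renames six documents to .INC within 30 s, then drops the note
    for i in range(6):
        evs.append(FileEvent(t0 + timedelta(seconds=5 * i), "ws01", 4242, "rename",
                             rf"C:\Users\alice\Documents\report{i}.docx.INC"))
    evs.append(FileEvent(t0 + timedelta(seconds=40), "ws01", 4242, "create",
                         r"C:\Users\alice\Documents\INC-README.txt"))
    # ws02: a single legitimate rename to a .inc include file (below threshold)
    evs.append(FileEvent(t0, "ws02", 100, "rename", "/home/bob/src/config.inc"))
    # ws03: a rename burst with an unrelated extension (build output)
    for i in range(8):
        evs.append(FileEvent(t0 + timedelta(seconds=i), "ws03", 77, "rename",
                             f"/tmp/build/obj{i}.o"))
    return evs


if __name__ == "__main__":
    for host, pid, reason in detect_inc_activity(sample_events()):
        print(f"{host} pid={pid}: {reason}")
```

On the constructed sample the detector raises exactly two alerts, both for ws01 pid 4242 (the rename burst fires at the fifth rename, the note alert when the file is created); ws02 and ws03 stay quiet. In a real deployment the threshold should be tuned against baseline rename rates, and the note-name check is cheap enough to run unconditionally.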
Trending Malware of the Week
In August 2023, researchers found a malware called QwixxRAT (also known as Telegram RAT). It is being distributed by a threat actor through platforms like Telegram and Discord. This malware is designed to secretly gather sensitive information from Windows computers where it's installed. The collected data is then sent to the attacker's Telegram bot, giving them unauthorized access to the victim's private information. This threat affects both businesses and individual users, as the malware discreetly infects devices and extracts a broad range of data.
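Because QwixxRAT reports to a Telegram bot, the exfiltration leaves a recognisable trace in egress proxy logs: requests to api.telegram.org whose path is /bot&lt;token&gt;/&lt;method&gt;, the Bot API's URL scheme. The following is an added example, not CYFIRMA's code or anything from the QwixxRAT analysis: it scans constructed proxy log lines for Bot API calls that send data out, and records the bot id without the secret half of the token so that the finding can be shared safely. The log layout, the user agents and the token-shape regex are assumptions for illustration.

```python
"""Find Telegram Bot API exfiltration in proxy logs.

Added example (not CYFIRMA's code). Telegram Bot API calls take the form
https://api.telegram.org/bot<token>/<method>; the token shape below (numeric bot id,
colon, 30+ URL-safe characters) is an approximation, and the log layout, user agents
and sample lines are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)
# Bot API methods that push data from the host to the operator's chat.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Assumed proxy log layout: ts host src_ip verb url status "user_agent"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<src>\S+) (?P<verb>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not real telemetry). The token is a placeholder.
FAKE_TOKEN = "123456789:" + "A" * 35
OTHER_TOKEN = "987654321:" + "B" * 35
SAMPLE_LOG = f"""\
2023-08-25T10:01:02Z ws01 10.0.0.5 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendDocument 200 "Mozilla/4.0 (compatible)"
2023-08-25T10:01:09Z ws01 10.0.0.5 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendMessage 200 "Mozilla/4.0 (compatible)"
2023-08-25T10:02:11Z ws02 10.0.0.6 GET https://web.telegram.org/a/ 200 "Mozilla/5.0"
2023-08-25T10:03:00Z ws03 10.0.0.7 GET https://api.telegram.org/bot{OTHER_TOKEN}/getMe 200 "curl/8.1"
"""


def find_telegram_bot_exfil(lines):
    """Return one finding per log line that calls an exfiltration-capable Bot API method."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # unparseable line: skip rather than guess
        url = urlsplit(m["url"])
        if url.hostname != "api.telegram.org":
            continue                      # web.telegram.org etc. is ordinary user traffic
        bm = BOT_PATH_RE.match(url.path)
        if not bm or bm["method"] not in EXFIL_METHODS:
            continue                      # e.g. getMe: worth noting, but not exfil
        findings.append({
            "ts": m["ts"],
            "host": m["host"],
            "src": m["src"],
            "method": bm["method"],
            "bot_id": bm["bot_id"],       # keep the id, drop the secret from the finding
            "user_agent": m["ua"],
        })
    return findings


if __name__ == "__main__":
    for f in find_telegram_bot_exfil(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['host']} ({f['src']}) {f['method']} via bot {f['bot_id']} ua={f['user_agent']!r}")
```

This only works where the proxy sees full URLs, i.e. with TLS inspection; with SNI-only visibility the rule degrades to "unexpected process talking to api.telegram.org", which is still a useful low-volume alert on hosts that have no business running Telegram bots. The getMe line on ws03 is intentionally left unflagged to show the method filter; widen EXFIL_METHODS if you want every Bot API call surfaced.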
CYFIRMA is a threat discovery and cyber-intelligence company with the world's first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker's view to help clients prepare for impending attacks.
SCHEDULE A DEMO HERE
Visit www.cyfirma.com
Message sent by CYFIRMA at 6 Raffles Quay, Level 16 S(048580), Singapore, Singapore.
Next Trend Realty LLC. (wwwHar.com/Chester-Swanson/agent_cbswan), 1 year ago: Thanks for Posting.