CYFIRMA: Cybersecurity Dossier
Latest Cyberattacks, Incidents and Breaches


Threat Actor in Focus: Advanced Cyber Espionage Campaign: CL-STA-0002 Unveiled in Middle East, Africa and the US

In a recent cybersecurity study, researchers unveiled a new threat campaign orchestrated by a likely nation-state actor. This sophisticated actor has targeted a broad spectrum of sectors across the Middle East, Africa, and the United States, including government, education, real estate, retail, non-profits, and telecom companies. The actor's distinctive tactics, techniques, and procedures (TTPs) have been labelled CL-STA-0002. The threat actor used PowerShell snap-ins to extract confidential emails from victims' MS Exchange environments. To obfuscate their activities, they attempted to compress the extracted data into a .pst file using a command-line RAR tool. The threat actor also employed new malware tools in their campaigns. One such tool is Agent Racoon, a .NET-based malware that establishes covert command-and-control communication over DNS, using a specific domain pattern.



DanaBot Stealer: A Multistage MaaS Malware Re-emerges with Reduced Detectability

DanaBot is a stealthy and versatile malware that infiltrates computers to steal valuable information for monetization. Unlike ransomware that demands immediate payment, DanaBot operates discreetly, prioritizing long-term persistence and the theft of sensitive data. This well-crafted malware is offered as a malware-as-a-service (MaaS) platform, allowing cybercriminals to customize it for their specific targets.

DanaBot’s modular design and adaptability make it a formidable threat, enabling it to target a wide range of victims, including individuals, businesses, and government organizations. Since its discovery in 2018, DanaBot has been employed in various attacks, including credential theft, financial fraud, and distributed denial-of-service (DDoS) attacks. This shift towards prioritizing “quality over quantity” in email-based threats highlights the increasing sophistication of cyberattacks.



THE END OF PAX AMERICANA

The world is witnessing an alarming surge in armed conflicts, with numerous dormant tensions igniting into active hostilities. Some had been frozen for years, while others had simmered beneath the surface, occasionally erupting into sporadic clashes. Now, all these conflicts have reignited with renewed fervor.

As we go to bed each night, we are left with the unsettling prospect of waking up to news of Hezbollah joining the Gaza conflict, Iraqi militias approaching the Israeli border, or the US president issuing a 24-hour ultimatum to Iran. The Taiwan Strait remains a tinderbox, and China’s escalating coercive actions against the Philippines could spark an incident that would activate the US-Philippine defense pact, drawing America into a direct military confrontation with Beijing.



CYFIRMA Industry Report: MATERIALS

The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This report focuses on the materials industry, presenting key trends and statistics in an engaging infographic format. We delve into the external threat landscape of the materials industry over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting the materials industry. We aim to present an industry-specific overview in a convenient, engaging, and informative format. Leveraging our cutting-edge platform telemetry and the expertise of our analysts, we bring you actionable intelligence to stay ahead in the cybersecurity landscape.



Ransomware of the Week

The CYFIRMA Research and Advisory Team found a ransomware strain called Xaro while monitoring various underground forums as part of our Threat Discovery Process. Xaro is a variant of the DJVU ransomware, which is itself a variant of the STOP ransomware and is often disguised as a legitimate service. The initial Xaro payload was observed running on the victim machine within three minutes of the first execution of the program install.exe. The payload undergoes multiple executions, with two distinct execution flows identified.



Trending Malware of the Week

This week “FjordPhantom” is trending. Recently, researchers uncovered a new Android malware named FjordPhantom spreading in Southeast Asia, particularly in Indonesia, Thailand, and Vietnam, with reported activity in Singapore and Malaysia. This malware, discovered in early September, primarily utilizes messaging services to propagate and employs a combination of app-based malware and social engineering tactics to defraud banking customers. The researchers acquired a sample of FjordPhantom from an affected end-customer's device.



CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform, called External Threat Landscape Management (ETLM), to provide cyber defenders with the hacker’s view and help clients prepare for impending attacks.


Visit www.cyfirma.com
