CYFIRMA: Cybersecurity Dossier June 30, 2023
Threat Actor in Focus: Chinese APT Camaro Dragon aka Mustang Panda Strikes Health Care Industry
A recent cyber-attack on a European hospital revealed that the observed malicious activity was likely unintended and resulted from the widespread propagation of Camaro Dragon’s self-propagating malware through USB drives. Camaro Dragon, a Chinese-based espionage threat actor, primarily targets Southeast Asian countries and associated foreign entities. The threat actor’s tactics, techniques, and procedures (TTPs) and resources bear resemblance to those of other Chinese threat actors, namely Mustang Panda and LuminousMoth.
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store
The team at CYFIRMA recently obtained suspicious Android apps hosted on the Google Play Store under the account “SecurITY Industry”. Further technical analysis revealed that the apps have malware characteristics and belong to the notorious Advanced Persistent Threat group “DoNot”, which recently targeted individuals in the Kashmir region.
Mystic Stealer – Evolving “stealth” Malware
Information stealers pose an ongoing and dynamic threat to the security of both individuals and organizations. CYFIRMA’s Research team recently discovered an information stealer called “Mystic Stealer” being promoted on an underground forum, with the threat actor using a Telegram channel for their operations. The threat actor continuously enhances the malware, incorporating new features to improve its effectiveness and expand its user base.
Unveiling DeltaBoys: Interview about their Past and Motivation
CYFIRMA recently published a report on the new threat actor group DeltaBoys. In a follow-up, we were able to get in touch with “Anony”, representing the group, and asked some questions to clarify their motivation and learn more about the people behind the veil.
CYFIRMA Research - Episode 009: Delta Boys-Black Hats On The Rise?
DeltaBoys have been operating since December 2021, initially starting out as database brokers and carders. However, in August 2022, their operation evolved into mass defacement and the ‘initial access’ brokering market, providing webshells to sensitive websites. To fund their geopolitically motivated operations, they built a diverse catalogue of recently compromised databases, ‘zero-days’, ‘exploits for known vulnerabilities’, webshells, and leaked credit cards for sale.
Typosquatting Unmasked: Exposing the Threats of Misplaced Keystrokes
At CYFIRMA, our mission is to keep you informed about the latest and most prevalent threats and techniques employed by malicious actors to exploit organizations and individuals. In this report, we delve into the insidious technique known as typosquatting. Although seemingly simple and commonplace, this technique harbours significant risks that can profoundly affect both individuals and organizations.
Ransomware of the Week
The CYFIRMA Research and Advisory Team has found a new ransomware known as Rhysida while monitoring various underground forums as part of our Threat Discovery Process. This ransomware specifically targets the widely used Windows operating system, which is prevalent across numerous industries and organizations.
Trending Malware of the Week
Researchers have discovered a new mobile malware campaign targeting online banking customers in the United States, United Kingdom, Germany, Austria, and Switzerland. The campaign uses an Android banking trojan called 'Anatsa', and the attackers are distributing their malware via the Play Store, Android's official app store, with over 30,000 installations already recorded via this method alone.
CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early-warning, personalized, contextual, outside-in, and multi-layered insights. We have built a next-generation AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view and help clients prepare for impending attacks.
Visit www.cyfirma.com
Message sent by CYFIRMA at 6 Raffles Quay, Level 16 S(048580), Singapore, Singapore.
Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan
1 year: Thanks for Posting.