CYFIRMA: Cybersecurity Dossier - Oct 6, 2023
Threat Actor in Focus: Iranian Advanced Persistent Threat Group APT34 Deployed New Malware Named Menorah
In a recent observation, a new malware linked to the Iranian-based APT34 advanced persistent threat group was detected behind a phishing attack. APT34, a sophisticated cyberespionage group, specializes in targeting Middle Eastern organizations, engaging in spear phishing campaigns, and employing advanced techniques for network access. The malware, named Menorah, was discovered in a document used during the targeted attack. Menorah was designed for cyberespionage, with capabilities to identify, read, and upload files from the infected machine, as well as download additional files or malware.
The Thin Line: Educational Tools vs. Malicious Threats – A Focus on The-Murk-Stealer
The report delves into the intricate workings of “The-Murk-Stealer,” a malicious tool that can discreetly infiltrate systems to collect sensitive information. This analysis unravels its sophisticated capabilities, shedding light on its ability to extract system data from the target machine, information from various applications, directories, web browsers, crypto wallets and more. The stealer has anti-analysis and anti-debugging capabilities to thwart analysis. It has a vast feature set and the ability to exfiltrate data to Discord, Telegram and XMPP. Such stealers pose a significant threat by covertly infiltrating systems and surreptitiously collecting sensitive information.
TRACKING RANSOMWARE – SEPTEMBER 2023
Welcome to the Ransomware Report for September 2023. This report provides a comprehensive analysis of notable ransomware incidents that occurred during this period. We delve into the top 5 ransomware groups responsible for the highest number of victims and their targeted industries. Additionally, we examine the geographic regions that witnessed the most ransomware attacks in September 2023. Moreover, we explore the developments within ransomware groups throughout the month, with a specific focus on emerging actors and the vulnerabilities exploited by ransomware groups in September 2023.
CYFIRMA RESEARCH – CHIT-CHAT WITH A RANSOMWARE OPERATOR
Recently, CYFIRMA Research published a report on a new threat actor group known as FusionCore. In a follow-up, we were able to get in touch with “NecroSys”, who is the developer of SarinLocker ransomware. Recently, it was announced that the main developer of the Typhon Reborn stealer is no longer part of the group. We asked some questions to learn more about their recent activities, including their alleged links with APT groups and what is on the horizon now that a founding member and main developer has left the group.
Ransomware of the Week
The CYFIRMA Research and Advisory Team has found ransomware known as LostTrust while monitoring various underground forums as part of our Threat Discovery Process. LostTrust is a newly emerging ransomware that encrypts files and appends the ".losttrustencoded" extension to the names of the encrypted files. The ransomware drops ransom notes named "!LostTrustEncoded.txt" in every folder on the device. In these notes, the threat actors initially presented themselves as former white hat hackers who had transitioned to cybercrime due to inadequate compensation.
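The two file-system indicators described above (the appended extension and the per-folder note name) are enough for a first-pass triage scan of a suspected host. The following is an added example, not code from CYFIRMA or from the report; the directory tree it scans is constructed inline so it runs offline, and the note contents are placeholders, not the real ransom text.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the report; the regex-free matching below is deliberately simple.
LOSTTRUST_EXTENSION = ".losttrustencoded"
LOSTTRUST_NOTE_NAME = "!LostTrustEncoded.txt"


def scan_for_losttrust(root):
    """Walk `root` and return, per affected directory, the count of renamed
    files and whether the ransom note is present. Unaffected directories are omitted."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted = [f for f in filenames if f.lower().endswith(LOSTTRUST_EXTENSION)]
        note_present = LOSTTRUST_NOTE_NAME in filenames
        if encrypted or note_present:
            findings[os.path.relpath(dirpath, root)] = {
                "encrypted_files": len(encrypted),
                "ransom_note": note_present,
            }
    return findings


def summarize(findings):
    """Roll the per-directory findings up into host-level triage numbers."""
    return {
        "affected_dirs": len(findings),
        "encrypted_files": sum(v["encrypted_files"] for v in findings.values()),
        "dirs_with_note": sum(1 for v in findings.values() if v["ransom_note"]),
    }


def build_sample_tree():
    """Constructed sample: a partially affected tree with one untouched folder."""
    root = Path(tempfile.mkdtemp(prefix="losttrust_demo_"))
    (root / "docs").mkdir()
    (root / "docs" / "budget.xlsx.losttrustencoded").write_bytes(b"\x00" * 16)
    (root / "docs" / LOSTTRUST_NOTE_NAME).write_text("constructed placeholder note")
    (root / "pics").mkdir()
    (root / "pics" / "holiday.jpg").write_bytes(b"\xff\xd8")
    (root / LOSTTRUST_NOTE_NAME).write_text("constructed placeholder note")
    return root


if __name__ == "__main__":
    results = scan_for_losttrust(str(build_sample_tree()))
    for directory, info in sorted(results.items()):
        print(f"{directory}: {info}")
    print(summarize(results))
```

Point `scan_for_losttrust` at a mounted image or a live volume to get the same per-directory breakdown; a directory with many renamed files but no note, or notes with no renamed files, is worth a closer look rather than an automatic verdict.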
Trending Malware of the Week
Researchers have identified and disclosed a new C/C++-based malware-as-a-service (MaaS) threat called BunnyLoader, currently advertised for sale on various cybercrime underground forums at a price of $250. It offers multiple functionalities, including downloading and executing a second-stage payload and stealing browser credentials and system information. BunnyLoader employs a keylogger to log keystrokes as well as a clipper to monitor the victim’s clipboard and replace cryptocurrency wallet addresses with actor-controlled cryptocurrency wallet addresses.
CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built a next-generation AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view to help clients prepare for impending attacks.
SCHEDULE A DEMO HERE
Visit www.cyfirma.com