Mastodon 🐘

17 posts7 participants0 posts today

Pyrzout :vm:OT/ICS cyber threats escalate as geopolitical conflicts intensify <a href="https://www.helpnetsecurity.com/2025/02/28/dragos-2025-ot-ics-cybersecurity-report/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/02/28/dragos-2025-ot-ics-cybersecurity-report/</a> <a href="https://social.skynetcloud.site/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#criticalinfrastructure</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a>/SCADA <a href="https://social.skynetcloud.site/tags/Dragos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dragos</a> <a href="https://social.skynetcloud.site/tags/report" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#report</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a>

OTX BotSellers can get scammed too, and a rant about imposter syndromeThis report discusses two main topics: imposter syndrome in cybersecurity and scams targeting sellers. It highlights the prevalence of imposter syndrome among cybersecurity professionals, especially in high-performing teams, and offers advice on coping with self-doubt. The report also addresses seller abuse, where sellers are defrauded by buyers, emphasizing the importance of understanding both buyer and seller experiences to prevent fraud. Additionally, it mentions recent security headlines, including data breaches affecting veterans and IVF patients, and a new Linux backdoor targeting education and public sectors.Pulse ID: 67c148f554e64ea013431a5a Pulse Link: <a href="https://otx.alienvault.com/pulse/67c148f554e64ea013431a5a" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67c148f554e64ea013431a5a</a> Pulse Author: AlienVault Created: 2025-02-28 05:26:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://social.raytec.co/tags/ELF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ELF</a> <a href="https://social.raytec.co/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Education</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Seth GroverMalcolm v25.02.0 contains some major performance improvements, a few smaller new features and enhancements, several component version updates, bug fixes, and documentation updates. See the <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.02.0" rel="nofollow noopener noreferrer" target="_blank">release notes</a> for more details.<ul><li>✨ Features and enhancements<ul><li>performance improvements (4x faster) for NetBox enrichment (<a href="https://github.com/cisagov/Malcolm/issues/#547" rel="nofollow noopener noreferrer" target="_blank">#547</a>) and autopopulation</li><li>performance improvements (18x faster) for Suricata's processing of uploaded PCAP files (<a href="https://github.com/cisagov/Malcolm/issues/#457" rel="nofollow noopener noreferrer" target="_blank">#457</a>)</li><li>include <a href="https://github.com/corelight/zeek-long-connections" rel="nofollow noopener noreferrer" target="_blank">corelight/zeek-long-connections</a> plugin to log long connections (<a href="https://github.com/cisagov/Malcolm/issues/#585" rel="nofollow noopener noreferrer" target="_blank">#585</a>)</li><li>significant work-in-progress towards support for Sigma rules via OpenSearch Security Analytics (still incomplete due to some blocking issues upstream, see <a href="https://github.com/cisagov/Malcolm/issues/475" rel="nofollow noopener noreferrer" target="_blank">#475</a> for details)</li></ul></li><li>✅ Component version updates<ul><li>Arkime to <a href="https://github.com/arkime/arkime/blob/10bf375cc98e2c12c0286fddc7c79cb3126b993c/CHANGELOG#L43-L75" rel="nofollow noopener noreferrer" target="_blank">v5.6.1</a></li><li>capa to <a href="https://github.com/mandiant/capa/releases/tag/v9.0.0" rel="nofollow noopener noreferrer" target="_blank">v9.0.0</a></li><li>OpenSearch and OpenSearch Dashboards to <a href="https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md" rel="nofollow noopener noreferrer" target="_blank">v2.19.0</a></li></ul></li></ul><a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, <a href="https://malcolm.fyi/docs/quickstart.html#DockerVPodman" rel="nofollow noopener noreferrer" target="_blank">Podman</a> 🦭, and <a href="https://malcolm.fyi/docs/kubernetes.html#Kubernetes" rel="nofollow noopener noreferrer" target="_blank">Kubernetes</a> ⎈. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.Alternatively, dedicated official <a href="https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample" rel="nofollow noopener noreferrer" target="_blank">ISO installer images</a> 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's <a href="https://github.com/cisagov/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.sh" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.sh</code></a>) and PowerShell 🪟 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.ps1" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.ps1</code></a>). See <a href="https://malcolm.fyi/docs/download.html#DownloadISOs" rel="nofollow noopener noreferrer" target="_blank">Downloading Malcolm - Installer ISOs</a> for instructions.As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.<a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malcolm</a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HedgehogLinux</a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zeek</a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Arkime</a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetBox</a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSearch</a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Elasticsearch</a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Suricata</a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PCAP</a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkTrafficAnalysis</a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networksecuritymonitoring</a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icssecurity</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INL</a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DHS</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISAgov</a>

OTX BotHiding in Plain Sight: The Hidden Dangers of Geolocation in Cloud SecurityCybercriminals are increasingly exploiting trusted cloud providers to disguise attacks, a strategy known as infrastructure laundering. The Funnull Network, linked to Chinese threat actors, exemplifies this tactic by abusing cloud infrastructure for fraud and phishing. Geolocation data is no longer a reliable risk indicator as attackers leverage global cloud environments. AI-driven techniques like DeepSeek exploits are being used to infiltrate cloud systems, while collaboration tools are weaponized as covert command-and-control channels. OAuth security risks are being exploited to bypass access controls. The report emphasizes the need for behavioral analytics and AI-driven security platforms to detect and mitigate modern cloud threats effectively.Pulse ID: 67c05b0cf1a05c54afeaffc3 Pulse Link: <a href="https://otx.alienvault.com/pulse/67c05b0cf1a05c54afeaffc3" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67c05b0cf1a05c54afeaffc3</a> Pulse Author: AlienVault Created: 2025-02-27 12:31:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Rust</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotLotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking toolsCisco Talos uncovered multiple cyber espionage campaigns attributed to the Lotus Blossom group, targeting government, manufacturing, telecommunications, and media sectors. The operations utilize various versions of the Sagerunex backdoor and other hacking tools. Lotus Blossom has been active since 2012 and continues to evolve its tactics. New Sagerunex variants use third-party cloud services like Dropbox, Twitter, and Zimbra for command and control, enhancing evasion capabilities. The group employs a multi-stage attack chain for long-term persistence, often remaining undetected for months. Victims include organizations in the Philippines, Vietnam, Hong Kong, and Taiwan. The analysis reveals Lotus Blossom's sophisticated techniques, including the use of VMProtect for code obfuscation and strategic placement of tools in public folders for evasion.Pulse ID: 67c05b0d295ebf7aab02efbd Pulse Link: <a href="https://otx.alienvault.com/pulse/67c05b0d295ebf7aab02efbd" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67c05b0d295ebf7aab02efbd</a> Pulse Author: AlienVault Created: 2025-02-27 12:31:09Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/Cisco" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cisco</a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Dropbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dropbox</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/HongKong" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HongKong</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Manufacturing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Manufacturing</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Philippines" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Philippines</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Talos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Talos</a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telecom</a> <a href="https://social.raytec.co/tags/Telecommunication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telecommunication</a> <a href="https://social.raytec.co/tags/Twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Twitter</a> <a href="https://social.raytec.co/tags/Vietnam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vietnam</a> <a href="https://social.raytec.co/tags/Zimbra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zimbra</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotDNS Early Detection - Fast Propagating Fake Captcha distributes LummaStealerBetween October 2024 and February 2025, LummaStealer malware was distributed via fake CAPTCHA pages, targeting users who store sensitive information in browsers and cryptocurrency wallets. LummaStealer, available as Malware-as-a-Service, collects data for fraud and unauthorized access. Fake CAPTCHA pages deceive users into executing commands that download evasive files. Infoblox monitored threat actor infrastructure by analyzing DNS traffic, providing early detection of malicious domains an average of 46.8 days before public reports. The use of fake CAPTCHAs in malicious adtech schemes, involving operators and advertisers, was also highlighted. These sophisticated tactics pose significant risks to individuals and organizations.Pulse ID: 67bfb48c084fb5226e2bb67e Pulse Link: <a href="https://otx.alienvault.com/pulse/67bfb48c084fb5226e2bb67e" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bfb48c084fb5226e2bb67e</a> Pulse Author: AlienVault Created: 2025-02-27 00:40:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CAPTCHA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CAPTCHA</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/MalwareAsAService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MalwareAsAService</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotUnderstanding the Snake's Habits: New ReaverBits Tools in Attacks on Russian CompaniesThe ReaverBits cybercriminal group, active since late 2023, has been conducting targeted attacks on Russian organizations in key sectors. Their recent activities, observed between September 2024 and January 2025, showcase an evolution in their tactics and malware arsenal. The group continues to use spoofing methods in phishing attacks and stealer-class malware, but has introduced new tools including the publicly available Meduza Stealer and the unique ReaverDoor malware. Their attacks involve sophisticated infection chains, utilizing modified open-source tools as downloaders and complex encryption schemes. The group's persistence and adaptability are evident in their continued focus on Russian targets and the development of more advanced malware, indicating preparations for potentially larger-scale attacks.Pulse ID: 67bee29bb12637217901a305 Pulse Link: <a href="https://otx.alienvault.com/pulse/67bee29bb12637217901a305" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bee29bb12637217901a305</a> Pulse Author: AlienVault Created: 2025-02-26 09:44:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Encryption</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Meduza" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meduza</a> <a href="https://social.raytec.co/tags/MeduzaStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MeduzaStealer</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotTargeted activity UAC-0212 against developers and suppliers of automation and process control solutionsIn 2024-2025, UAC-0212, a subcluster of UAC-0002 (Sandworm), launched targeted cyberattacks against Ukrainian critical infrastructure and related industries. The actor employed new tactics, exploiting CVE-2024-38213 to deliver malware through PDF documents. Tools like SECONDBEST, EMPIREPAST, SPARK, and CROOKBAG were utilized. The campaign expanded to target logistics companies, grain equipment manufacturers, and automated control system developers in Ukraine, Serbia, and the Czech Republic. The attacks aimed to compromise industrial control systems in vital sectors such as energy, water, and heat supply. The threat actor's sophisticated approach involved initial social engineering, followed by rapid lateral movement within compromised networks.Pulse ID: 67bee4e567d977e4a07d1fe0 Pulse Link: <a href="https://otx.alienvault.com/pulse/67bee4e567d977e4a07d1fe0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bee4e567d977e4a07d1fe0</a> Pulse Author: AlienVault Created: 2025-02-26 09:54:45Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://social.raytec.co/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttacks</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/IndustrialControlSystems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IndustrialControlSystems</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Sandworm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sandworm</a> <a href="https://social.raytec.co/tags/Serbia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Serbia</a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UK</a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukr</a> <a href="https://social.raytec.co/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://social.raytec.co/tags/Ukrainian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukrainian</a> <a href="https://social.raytec.co/tags/Worm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Worm</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotPivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past AttacksA significant discovery has been made regarding the Lazarus Advanced Persistent Threat (APT) Group's infrastructure. Analysts have uncovered a domain registered by the group shortly before the $1.4 billion Bybit crypto heist, linked to an email address used in previous attacks. The investigation revealed 27 unique Astrill VPN IP addresses in logs associated with the group's test records. The ongoing campaign involves fake job interviews on LinkedIn to lure victims into downloading malware. The research also uncovered connections to multiple domains likely part of Lazarus infrastructure, with a focus on employment scams targeting the crypto community. The group's tactics include sophisticated social engineering and malware deployment methods.Pulse ID: 67be5c918383a173b86a4b21 Pulse Link: <a href="https://otx.alienvault.com/pulse/67be5c918383a173b86a4b21" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67be5c918383a173b86a4b21</a> Pulse Author: AlienVault Created: 2025-02-26 00:13:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Lazarus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lazarus</a> <a href="https://social.raytec.co/tags/LinkedIn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LinkedIn</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> <a href="https://social.raytec.co/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VPN</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotGhostwriter | New Campaign Targets Ukrainian Government and Belarusian OppositionA new campaign attributed to the Ghostwriter threat actor has been observed targeting opposition activists in Belarus and Ukrainian military and government organizations. The operation, which began preparation in mid-2024 and entered an active phase in late 2024, employs weaponized Excel documents with malicious macros to deliver PicassoLoader variants and other payloads. The campaign uses lures related to Ukrainian military and government interests, as well as Belarusian opposition topics. Multiple stages of the attack chain involve obfuscated downloaders, decoy documents, and attempts to fetch additional payloads from command and control servers. The threat actor's tactics have evolved, showing adaptations to previous techniques and targeting both Ukrainian entities and Belarusian opposition groups.Pulse ID: 67beddeb17c7b8dedc8c75bd Pulse Link: <a href="https://otx.alienvault.com/pulse/67beddeb17c7b8dedc8c75bd" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67beddeb17c7b8dedc8c75bd</a> Pulse Author: AlienVault Created: 2025-02-26 09:24:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Belarus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Belarus</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Excel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Excel</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/Military" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Military</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UK</a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukr</a> <a href="https://social.raytec.co/tags/Ukrainian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukrainian</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotOperation SalmonSlalomA sophisticated cyberattack targeting industrial organizations in the Asia-Pacific region has been uncovered. The attackers utilized legitimate Chinese cloud services and a multi-stage payload delivery framework to evade detection. The campaign, named SalmonSlalom, employed techniques such as native file hosting CDN, public packers for encryption, dynamic C2 address changes, and DLL sideloading. The attack shares similarities with previous campaigns using open-source RATs like Gh0st RAT and FatalRAT, but demonstrates a shift in tactics tailored to Chinese-speaking targets. The malware installation process is complex, involving multiple stages and the use of legitimate applications to disguise malicious activity.Pulse ID: 67bede32c9b6c40d45a9f2f8 Pulse Link: <a href="https://otx.alienvault.com/pulse/67bede32c9b6c40d45a9f2f8" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bede32c9b6c40d45a9f2f8</a> Pulse Author: AlienVault Created: 2025-02-26 09:26:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CDN</a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Encryption</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SideLoading</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Pyrzout :vm:Nine Threat Groups Active in OT Operations in 2024: Dragos <a href="https://www.securityweek.com/nine-threat-groups-active-in-ot-operations-in-2024-dragos/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/nine-threat-groups-active-in-ot-operations-in-2024-dragos/</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a>/OT <a href="https://social.skynetcloud.site/tags/Dragos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dragos</a> <a href="https://social.skynetcloud.site/tags/Report" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Report</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.skynetcloud.site/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a>

OTX BotFake GitHub projects distribute stealers in GitVenom campaignThe GitVenom campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented in various programming languages, downloads and executes further malicious components from attacker-controlled repositories. These components include a Node.js stealer, AsyncRAT, Quasar backdoor, and a clipboard hijacker targeting cryptocurrency transactions. The campaign has been active for several years, with infection attempts observed worldwide, particularly in Russia, Brazil, and Turkey. The attackers' tactics highlight the importance of carefully examining third-party code before integration or execution.Pulse ID: 67bc8088ac6185017fcb2165 Pulse Link: <a href="https://otx.alienvault.com/pulse/67bc8088ac6185017fcb2165" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bc8088ac6185017fcb2165</a> Pulse Author: AlienVault Created: 2025-02-24 14:22:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/AsyncRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AsyncRAT</a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/Brazil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Brazil</a> <a href="https://social.raytec.co/tags/Clipboard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Clipboard</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Nodejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nodejs</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Troll</a> <a href="https://social.raytec.co/tags/Turkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Turkey</a> <a href="https://social.raytec.co/tags/Venom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Venom</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotPhishing Campaigns Targeting Higher Education InstitutionsSince August 2024, there has been a significant increase in phishing attacks targeting U.S. universities. Three distinct campaigns have emerged, exploiting trust within academic institutions to deceive students, faculty, and staff. One campaign used compromised educational institutions to host Google Forms for phishing. Another involved cloning university login pages and re-hosting them on attacker-controlled infrastructure. A third campaign targeted staff and students in a two-step process, first phishing faculty credentials and then using compromised accounts to target students. These attacks aim to steal login credentials and financial information, often timed to coincide with key dates in the academic calendar. The campaigns employ various tactics to increase perceived legitimacy and perform payment redirection attacks.Pulse ID: 67bc93b2e9c1d45f56f8e90f Pulse Link: <a href="https://otx.alienvault.com/pulse/67bc93b2e9c1d45f56f8e90f" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bc93b2e9c1d45f56f8e90f</a> Pulse Author: AlienVault Created: 2025-02-24 15:43:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Education</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GoogleForms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleForms</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Rust</a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Troll</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotNew wave of targeted attacks of the Angry Likho APT on Russian organizationsThe Angry Likho APT group has launched a new wave of targeted attacks primarily against Russian organizations. The group employs spear-phishing emails with malicious attachments as the initial attack vector. A previously unknown implant was discovered, utilizing a self-extracting archive and AutoIt scripts to deploy the Lumma Trojan stealer. The malware exfiltrates sensitive data, including browser information, cryptocurrency wallets, and authentication details. Hundreds of victims have been identified, mostly in Russia and Belarus. The group's tactics remain consistent, with periodic pauses in activity followed by new attack waves. They rely on readily available malicious utilities rather than developing custom tools.Pulse ID: 67bc359370c4eac6ea0f62f5 Pulse Link: <a href="https://otx.alienvault.com/pulse/67bc359370c4eac6ea0f62f5" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67bc359370c4eac6ea0f62f5</a> Pulse Author: AlienVault Created: 2025-02-24 09:02:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Autoit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Autoit</a> <a href="https://social.raytec.co/tags/Belarus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Belarus</a> <a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ELF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ELF</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpearPhishing</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotLumma Stealer Malware Thrives as Unique Patterns Uncovered in the Infostealer's Domain ClustersRecent research reveals Lumma Stealer command and control domain clusters share specific technical characteristics, enabling mapping of entire infrastructure clusters. The infostealer's logs are being shared for free on Leaky[.]pro, a new hacking forum, offering billions of stolen credential records. There's an alarming increase in malware spread via malicious YouTube links and infected files disguised in videos, comments, or descriptions. Lumma Stealer infections typically enable more extensive attacks, including ransomware deployment and espionage operations. The malware targets multiple Windows versions, stealing sensitive information like login credentials, browser data, chat logs, and cryptocurrency wallet details. Distribution methods include malvertising on popular search engines and malspam with harmful attachments. Threat actors register clusters of 10-20 domains at a time, some used immediately while others age for up to two weeks.Pulse ID: 67b91b4367a1a7f09d27df81 Pulse Link: <a href="https://otx.alienvault.com/pulse/67b91b4367a1a7f09d27df81" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67b91b4367a1a7f09d27df81</a> Pulse Author: AlienVault Created: 2025-02-22 00:33:07Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoStealer</a> <a href="https://social.raytec.co/tags/LummaStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LummaStealer</a> <a href="https://social.raytec.co/tags/MalSpam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MalSpam</a> <a href="https://social.raytec.co/tags/Malvertising" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malvertising</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RansomWare</a> <a href="https://social.raytec.co/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/YouTube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#YouTube</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotThe Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any BrandThe darcula-suite 3.0 represents a significant advancement in phishing capabilities, allowing criminals to easily create customized phishing campaigns targeting any brand. This new version, set to launch in February 2025, builds upon the previous darcula V2 platform, which has already impacted over 200 brands worldwide. The suite utilizes browser automation tools to clone legitimate websites and create convincing phishing versions. It features improved admin dashboards, performance statistics, and Telegram notifications for criminals. The platform's ease of use and advanced deception techniques, such as unique deployment paths and IP filtering, make it a significant threat to brands previously not targeted. Netcraft has detected and blocked over 90,000 darcula phishing domains and taken down more than 20,000 fraudulent websites since March 2024.Pulse ID: 67b79532a1718dec4a044a30 Pulse Link: <a href="https://otx.alienvault.com/pulse/67b79532a1718dec4a044a30" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67b79532a1718dec4a044a30</a> Pulse Author: AlienVault Created: 2025-02-20 20:48:50Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Edge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Edge</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telegram</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotTargeting of freelance developersNorth Korea-aligned cybercriminals are targeting freelance software developers through fake job offers and coding challenges containing malware. The campaign, dubbed DeceptiveDevelopment, uses two main malware families - BeaverTail and InvisibleFerret - to steal cryptocurrency wallets and login credentials. Attackers pose as recruiters on platforms like LinkedIn and GitHub, providing trojanized projects as part of fake interview processes. The malware steals browser data, cryptocurrency wallets, and system information, and can deploy remote access tools. Hundreds of victims globally have been observed across Windows, Linux and macOS systems. The operation shows increasing sophistication and is expected to continue evolving its tactics to target cryptocurrency users.Pulse ID: 67b81609424eb59f7dd64a0b Pulse Link: <a href="https://otx.alienvault.com/pulse/67b81609424eb59f7dd64a0b" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67b81609424eb59f7dd64a0b</a> Pulse Author: AlienVault Created: 2025-02-21 05:58:33Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/LinkedIn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LinkedIn</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacOS</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NorthKorea</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotBloody Wolf evolution: new targets, new toolsBloody Wolf, a notorious threat actor, has shifted its tactics by replacing malware with the legitimate remote administration tool NetSupport. The group has expanded its targets to include organizations in both Kazakhstan and Russia, compromising over 400 systems. Their attack method involves phishing emails with PDF attachments containing links to malicious JAR files. These files download and install NetSupport components, enabling full system access. The campaign exploits the prevalence of remote work and the increased use of remote administration software. The attackers' use of legitimate tools makes detection more challenging for conventional defenses. The report provides detailed technical information about the attack process and indicators of compromise.Pulse ID: 67b786e28a1f56ac89dec990 Pulse Link: <a href="https://otx.alienvault.com/pulse/67b786e28a1f56ac89dec990" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67b786e28a1f56ac89dec990</a> Pulse Author: AlienVault Created: 2025-02-20 19:47:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Kazakhstan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kazakhstan</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NetSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSupport</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Recent searches

Search options

Administered by:

Server stats:

#ICS