Earth Lusca's SprySOCKS Linux Backdoor
Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
ALPHV Hacks MGM Grand
Sep 22, 2023 2:31:31 PM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Scattered Spider, MGM Grand, social engineering
Verticals Targeted: Gambling, Hospitality, Recreation
Executive Summary
MGM Resorts International was the victim of a recent cyberattack that impacted several systems, including its website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines. ALPHV has taken credit for the attack.
Charming Kitten Using Sponsor Backdoor
Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran-nexus threat actor group, was recently observed using the Sponsor backdoor to target at least 34 entities in Brazil, Israel, and the UAE.
Mallox Ransomware
Sep 15, 2023 2:00:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mallox, Remcos RAT
Related Families: Remcos RAT, Metasploit
Verticals Targeted: Manufacturing, Retail, Wholesale, Legal, Professional Services
BadBazaar Spyware Variants Delivered Via Trojanized Android Apps
Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF
Executive Summary
Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.
Carderbee Targets Hong Kong in Supply Chain Attack
Sep 8, 2023 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Carderbee, Korplug, PlugX
Related Families: Korplug, PlugX
Executive Summary
In a recent campaign, Carderbee targeted entities in Hong Kong and other regions of Asia via a supply chain attack leveraging the legitimate Cobra DocGuard software.
UNC4841 Targeting Government Entities with Barracuda ESG 0day
Sep 4, 2023 1:24:05 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, Telecommunications, Aerospace, CVE-2023-2868, Military, Technology, DEPTHCHARGE, UNC4841, SKIPJACK, FOXTROT, FOXGLOVE
Related Families: SKIPJACK, DEPTHCHARGE, FOXTROT, FOXGLOVE
Verticals Targeted: Government, Military, Defense, Aerospace, Technology, Telecommunications
Executive Summary
UNC4841 was observed using CVE-2023-2868 to target entities in multiple verticals, including government and military.
New XLoader Variant Disguised as Signed App
Sep 1, 2023 1:24:48 PM / by The Hivemind posted in Threat Bulletin, Xloader, MacOS
Executive Summary
A new XLoader variant has been observed in the wild, targeting macOS systems and disguising itself as a signed OfficeNote app.