2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict
Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB
Kinsing Exploiting CVE-2023-46604
Dec 4, 2023 1:29:39 PM / by The Hivemind posted in Threat Bulletin, Cryptominer, Kinsing, CVE-2023-46604
Executive Summary
Kinsing threat actors were recently observed leveraging CVE-2023-46604, a vulnerability affecting Apache ActiveMQ, to infect Linux systems with cryptominers and rootkits.
LummaC2
Dec 1, 2023 12:48:51 PM / by The Hivemind posted in Threat Bulletin, Stealer, LummaC2, Lumma
Executive Summary
A new variant of LummaC2 was observed using a unique trigonometry-based anti-sandboxing technique.
C3RB3R Exploiting CVE-2023-22518
Nov 20, 2023 2:13:05 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cerber, C3RB3R, CVE-2023-22518
Related Families: Cerber
Executive Summary
A new Cerber variant tracked as C3RB3R was recently observed leveraging CVE-2023-22518.
SecuriDropper Android Malware
Nov 17, 2023 1:27:39 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Ermac, SpyNote, SecuriDropper, Dropper-as-a-service
Related Families: SpyNote, Ermac
Executive Summary
SecuriDropper is a widely distributed dropper-as-a-service that bypasses Android Restricted Settings.
New MOVEit Activity
Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology
Verticals Targeted: Defense, Government, Technology
Executive Summary
The MOVEit vulnerability tracked as CVE-2023-34362 was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.
BiBi-Linux Wiper
Nov 10, 2023 12:18:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Wiper, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux
Executive Summary
A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.
MOIS Affiliated Threat Actor Using Liontail Framework
Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs
Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services
Executive Summary
Scarred Manticore, a threat actor group associated with Iran's MOIS, was observed using the Liontail framework in an espionage campaign.