Verticals Targeted: Financial
New BBTok Variant
Oct 2, 2023 2:44:45 PM / by The Hivemind posted in Threat Bulletin, Financial, Banker, Banking Trojan, BBTok, Latin America
ShroudedSnooper Targeting Telecommunications in the Middle East
Sep 29, 2023 1:35:33 PM / by The Hivemind posted in Threat Bulletin, Middle East, Telecommunications, ShroudedSnooper, HTTPSnoop, PipeSnoop
Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications
Executive Summary
ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.
Earth Lusca's SprySOCKS Linux Backdoor
Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
Executive Summary
China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.
ALPHV Hacks MGM Grand
Sep 22, 2023 2:31:31 PM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Scattered Spider, MGM Grand, social engineering
Verticals Targeted: Gambling, Hospitality, Recreation
Executive Summary
MGM Resorts International was the victim of a recent cyber attack that impacted several systems, including its website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines. ALPHV has taken credit for the attack.
Charming Kitten Using Sponsor Backdoor
Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.
Mallox Ransomware
Sep 15, 2023 2:00:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mallox, Remcos RAT
Related Families: Remcos RAT, Metasploit
Verticals Targeted: Manufacturing, Retail, Wholesale, Legal, Professional Services
Executive Summary
Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware family targeting Windows systems, particularly unsecured MS-SQL servers, to compromise victim networks.
BadBazaar Spyware Variants Delivered Via Trojanized Android Apps
Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF
Executive Summary
Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.
Carderbee Targets Hong Kong in Supply Chain Attack
Sep 8, 2023 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Carderbee, Korplug, PlugX
Related Families: Korplug, PlugX
Executive Summary
In a recent campaign, Carderbee targeted entities in Hong Kong and other regions of Asia via a supply chain attack leveraging the legitimate Cobra DocGuard software.