Cuckoo: Part Infostealer, Part Spyware
May 13, 2024 2:20:01 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Spyware, MacOS, Cuckoo
Cuttlefish Targeting SOHO Routers
May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers
Related Families: HiatusRat
Verticals Targeted: Telecommunications, Various
Executive Summary
Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise-grade SOHO routers.
Brokewell Android Banking Trojan
May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell
Verticals Targeted: Financial
Executive Summary
Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.
CoralRaider's Stealer Spree
May 3, 2024 1:53:10 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, LummaC2, Rhadamanthys, CryptBot, CoralRaider
Related Families: CryptBot, LummaC2, Rhadamanthys
Verticals Targeted: Technology, Defense
Executive Summary
The threat actor group CoralRaider was recently observed on a stealer spree distributing three infostealers, CryptBot, LummaC2, and Rhadamanthys.
VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure
Apr 26, 2024 2:28:37 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, ICS, Energy, VooDoo Bear, Kapeka
Related Families: GreyEnergy, Prestige
Verticals Targeted: Critical Infrastructure
Executive Summary
Kapeka, also known as KnuckleTouch, is a novel backdoor used by VooDoo Bear to target entities in Eastern Europe.
Cerber Ransomware Linux Variant Exploiting CVE-2023-22518
Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence
Related Families: Effluence
Executive Summary
A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.
Operation MidnightEclipse Leverages CVE-2024-3400
Apr 19, 2024 12:54:33 PM / by The Hivemind posted in Threat Bulletin, UPSTYLE, Operation MidnightEclipse, CVE-2024-3400
Related Families: UPSTYLE
Executive Summary
Since late March 2024, a threat actor dubbed UTA0218 has been leveraging a zero-day exploit of CVE-2024-3400.
DarkGate
Apr 15, 2024 3:29:16 PM / by The Hivemind posted in Threat Bulletin, Loader, DarkGate, CVE-2023-36025, CVE-2024-21412
Verticals Targeted: Financial