Cyber Intel Brief

Rhadamanthys Infostealer, Credit Card Skimmer in Fake Meta Pixel Tracker, and Operation Midnight Eclipse

CoralRaider Gets Social, VenomRAT Deployed by ScrubCrypt, and Nearly 50 New Data Leak Victims

WarzoneRAT is Back, Ransomware Has a New Agenda, XZ Backdoor Delivered by Trusted Source, and the Latest from Data Leak Sites

Kimsuky Updates Playbook, Turla Backdoor Attack Chain Exposed, StrelaStealer Debuts, and MuddyWater Rises

Latest Phishing Tactics and Techniques, ShadowSyndicate Scanning Servers, and Fake Google Docs Pages Deliver Azorult Infostealer

Infostealer Circulated Through Facebook, Magnet Goblin Deploys Malware, PLUS 3 Common Post Network Device Tactics and eRAT

CISA Exposes Phobos Affiliates, New Attack Chain Steals NTLM, Plus Terminator and BABYSHARK

Russian Turla Deploys New Arsenal, Attackers Exploit ScreenConnect to Deliver Malware, and Cozy Bear Goes Cloud

TicTacToe Dropper Is No Game, No Malware Needed for Access to Government Victim, and Tycoon Group Offers New Phishing-as-a-Service

CISA Warns of Chinese Pre-Positioning for Attacks, New Raspberry Robin Variant, Bumblebee and Pikabot Return, Ivanti Vulnerability Deploys Unknown Webshell, and Nearly 100 New Ransomware Victims in a Week.

Another Ivanti Connect Secure and Policy Secure Vulnerability, Details on the Cloudflare Attack, a New Variant of Mispadu Stealer, and Valid Account Abuse Challenges.

Fake Website Impersonates Apple Apps, Midnight Blizzard Attacks Microsoft, Publicly-exposed RDP Gets Data Stolen and Ransomware in Three Hours

Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence

Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen

NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer

New qBit Infostealer, Cybercriminals Utilize Microsoft's App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access

Phishing Campaign Uses DarkGate RAT and NetSupport, ATI OSINT and Diligence Pays Dividends, and For Crying Out Loud–Stop Using Microsoft Exchange Server 2013

CozyBear Exploits JetBrains TeamCity, Qakbot Gets Regifted, Phishing Campaign Uses Publicly Available Tool Predator, and an Unexpected Gift from CISA

Russian APT Star Blizzard, Growing Insider Threats, Escalating QR Code Phishing, and the More_Eggs Backdoor

New Nova Infostealer, Gh0st RAT Evolves, New Toolset Unleashed, and a Look at Microsoft Outlook Attack Vectors

Diamond Sleet Rains Worldwide, Two New Web Shell Threats, New Botnet GoTitan Discovered, and Malware Shop Persian Remote World Sells RATS

Scattered Spider Targets IT Help Desks, Compromised VPN Credentials Lead to Rhysida, and a New Phishing Campaign Delivers Darkgate/Pikabot

Lace Tempest Storms Zero-day, Confluence Suffers Vulnerability, APT MuddyWater Evolves C2, and BatLoaders Spread Infostealers

Critical Apache ActiveMQ Vulnerability, New Millenium RAT & AsyncRAT, Socks5Systemz Botnet, and Gootloader Adds Gootbot

APT Octo-Tempest Methods, StripedFly Malware, NetSupport Manager Compromises, and Threat Actors Bypassing MFA

Vulnerability in JetBrains TeamCity Servers, Massive Attacks lead to Cryptomining and Backdoors, SSH Servers Offer Threat Actors Opportunities, and New Dual DLL Sideloading Technique Deploys QasarRat

Darkgate Malware Hits Skype and Teams, ToddyCat APT Creates Backdoors, Ether-Hiding Technique Moves Malware to Blockchain, and Ransomware Data Leak Sites Continue to Add Victims

Qakbot Actors Distribute Ransom Knight Ransomware, Storm-0324 Leverages Microsoft Teams to Distribute JSSLoader, a new APT Grayling Emerges, and Rhysida Ransomware Operators Leverage Valid VPN Credentials

BlackTech Compromises Routers, Lumma Sets Up On Over 150 Servers, Ransomware Groups Repeatedly Hitting Victims, New Malware-as-a-Service Bunnyloader Surfaces, and EvilProxy Phishing Targets Job Site Indeed