Threat Actors
Kimsuky’s GoldDragon Cluster and its C2 Operations
Impacted Industries: Public Administration; Information; Professional, Scientific, Technical Services, and Education
What You Need To Know:
Kaspersky observed a North Korean state-sponsored threat actor, targeting Public Administration, agencies or organizations tasked with administering public policy. Targets included Information, Professional, Scientific, Technical, and Education sectors.
Malware
Check Point Research Detects Crypto Miner Malware Disguised as Google Translate Desktop and Other Legitimate Applications
Impacted Industries: All
What You Need To Know:
Check Point Research observed a cryptomining campaign called Nitrokod. The applications spread cryptomining malware when users install free desktop applications, like Google translate, from popular websites such as Softpedia and uptodown or from search results.
Malware
New Golang Ransomware Agenda Customizes Attacks
Impacted Industries: All
What You Need To Know:
Trend Micro discovered ransomware samples that are customized for each victim, including unique company IDs and leaked account details.
Malware
ModernLoader Delivers Multiple Stealers, Cryptominers and RATs
Impacted Industries: Unknown
What You Need To Know:
Cisco Talos observed three separate but related campaigns between March and June 2022, compromising vulnerable web applications and delivering various malware families.
New TTPs
Remcos RAT New TTPS – Detection & Response
Impacted Industries: All
What You Need To Know:
SOC Investigation details the new TTPs employed by a remote access trojan, that is available for free, and how it could be used to take control of infected PCs.
Threat Landscape
Mini Stealer: Possible Predecessor Of Parrot Stealer
Impacted Industries: All
What You Need To Know:
Cyble discovered a malware developer releasing an information stealers builder and panel for free. The developer claims that the stealer can target operating systems such as Windows 7, 10, and 11, over 20 FTP applications, and over 25 Chromium-based browsers.
Exploited Vulnerabilities
CISA Adds 10 Vulnerabilities To Its Known Exploited Vulnerabilities Catalog
Impacted Industries: All
What You Need To Know:
Based on evidence of active exploitation, CISA has added 10 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Some of the vendors affected include Apache, Apple OS, VMWare, and Grafana Labs.
What We Mean When We Say
Estimates of Likelihood
We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms unlikely and remote imply that an event has a lower than even chance of occurring; they do not imply that it will not. Terms like might and might reflect situations where we are unable to assess the likelihood, usually due to a lack of relevant information, which is sketchy or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.
Confidence in Assessments
Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:
- High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
- Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
- Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.
Share