Over the past two weeks, we saw “The Twelve Frauds of Christmas – Payment Diversion Fraud”, which covers a type of fraud where criminals target an individual to divert payments to criminal-controlled bank accounts. We also saw “New MuddyWater Threat: Old Kitten; New Tricks” and much more in our blog digest for the week.
For more articles, check out our #onpatrol4malware blog.
The Twelve Frauds of Christmas – Payment Diversion Fraud
Source: Sark Tower
Payment Diversion Fraud is a type of fraud where criminals target an individual to divert payments to criminal-controlled bank accounts. This is typically accomplished through Business Email Compromise (BEC). Read more.
APT Cloud Atlas: Unbroken Threat
Source: Positive Technologies
Specialists at the PT Expert Security Center have been monitoring the Cloud Atlas group since May 2019. According to our data, its attacks have been targeting the government sector of 5 countries. Read more.
New MuddyWater Threat: Old Kitten; New Tricks
Source: Deep Instinct
MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS). Read more.
Accelerated Cyber Security Transformation: Time. The Nameless APT
Source: Mandiant
Time is an extremely persistent threat actor observed across all industries. The group has conducted the longest running and highest volume campaigns observed among any group to date. Read more.
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper
Source: Check Point Research
Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware. Investigation shows that Azov is capable of modifying certain 64-bit executables to execute its own code. Read more.
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites
Source: Fortinet
FortiGuard Labs recently encountered a previously unreported Content Management System (CMS) scanner and brute forcer written in the Go programming language (also commonly referred to as Golang). Read more.
Precious Gemstones: The New Generation of Kerberos Attacks
Source: Malwarebytes Labs
Unit 42 researchers show new detection methods that help improve detection of a new line of Kerberos attacks, which allow attackers to modify Kerberos tickets to maintain privileged access. Read more.