Doing our part to keep you informed on the latest cybersecurity threats this week. 👇 https://bit.ly/46JIoxB
1️⃣ Threat Profile: Sandworm Team
Threat level: High 🟥
The Sandworm Team is a highly sophisticated cyber-espionage and cyber-warfare group believed to be associated with the Russian military intelligence agency GRU.
2️⃣ Threat Actors Continue To Take Advantage Of LockBit Ransomware Builders
Threat level: Medium 🟧
Emerging variants of LockBit ransomware, such as Brain Cipher Ransomware and Nullbudge Lock, provide links to Tor-accessible web interfaces for ransom negotiations.
3️⃣ Threat Profile: Kimsuky
Threat level: Medium 🟧
This group actor, believed to be sponsored by the North Korean regime, seeks to focus on espionage and TTPs employed by the group through phishing tactics.
4️⃣ Threat Profile: Latrodectus
Threat level: Medium 🟧
Latrodectus is a downloader malware possibly derived from the same authors as IcedID, aiming to deploy further malware, such as Danabot or IcedID. It can run processes or existing files from the compromised system.
5️⃣ Multiple Attack Chains Distribute Fickle Stealer
Threat level: Medium 🟧
Fickle Stealer is a Rust-based malware distributed via various methods, including VBA droppers, downloaders, and executable downloaders.
6️⃣ Boolka Threat Actor Using Formstealing JavaScript To Capture Sensitive Data
Threat level: Medium 🟧
A landing page designed to distribute the BManager modular trojan uses tactics suggesting the script is designed for data exfiltration, likely capturing sensitive information.
7️⃣ Russia-Linked CopyCop Targets Political Leaders To Influence Elections Via Mis-Information Campaigns
Threat level: Medium 🟧
Copycop is a Russian government-aligned influence network using fake websites and generative AI for extensive influence operations.
8️⃣ RisePro Information Stealer Technical Analysis
Threat level: Medium 🟧
RisePro is a versatile information-stealing malware developed in C++, first identified in December 2022.
9️⃣ ChamelGang Attacking Critical Infrastructure with Ransomware
Threat level: Low 🟨
Threat actors in cyber espionage are increasingly using ransomware in their operations. A cluster of attacks using BestCrypt and BitLocker has particularly affected the U.S. manufacturing sector.
🔟 The Gamaredon Group Carries Out Attacks Against Ukraine Using Malicious 1px Image Files
Threat level: Low 🟨
The Gamaredon Group, also known as UNC530, Armageddon, and Shuckworm, is believed to be responsible for a recent attack campaign targeting Ukraine.