🇨🇳 💻 New from @LabsSentinel: A Chinese threat actor has been targeting large B2B IT service providers in southern Europe to conduct cyberespionage.
In new research from @LabsSentinel and @TinextaCyber, we have discovered the first instance of a suspected Chinese APT group abusing Visual Code Studio for C2 purposes, a technique relatively rare in the wild prior to this campaign, which we have dubbed Operation Digital Eye. https://t.co/n63GBZ0tP7
🛠️ LOLESXi: Living Off The Land ESXi
A comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilized in their operations
By @blueteam0ps_ and @wietze
https://t.co/LAYtTQMO2i
#Pryx group actively distributing a Golang RAT against #UAE gov.
The backdoor purpose is to download a Tor package to setup a Tor hidden service on the victim that act as a stealthy HTTP listener for backdoor-related activities.
Backdoor versions & IoCs discussed in thread 🧵👇
As showed by Zscaler, almost one year later, APT29 used same TTPs to distribute a wine-tasting invitation (ring a bell?) to European diplomats by impersonating the Indian ambassador.
As usual, the questionnaire link downloads a zipped HTA that starts the infection chain.
3/3
🚨@cluster25_io investigated a possible #APT campaign targeting #Russian dissidents. Using different lures, the #attacks aimed at organizations and citizens, leveraging a #reverseshell. Read more on: https://t.co/l5PUgqP039
🚨A seemingly legitimate #LinkedIn profile contacts you via direct message and offers you a job, sending a PDF file. This is the beginning of a bad story that leads to #DUCKTAIL infection. Read more on: https://t.co/0vamzYLLON
🚨Beware of #BEC#attacks!
Here, we are reporting a recent, well-prepared #fraud campaign involving the names of existing non-profit foundations as bait.
Read more on: https://t.co/eTamtT4pjp
#cybersecurity#scam
#BlackByte and his #ransomware continue operating all around the world, we dissected the latest version of this famous ransomware. Here the #Ida#Python script we used: https://t.co/2CMO5em1jT
Here the report: https://t.co/Jw6eMvWrfQ
Hoping this helps the community!
@cluster25_io has become partner of @dns0eu project!
Starting April 27, 2023, Cluster25 started sharing its #APT, #Phishing / #Fraud and #Malware indicators with DNS0 in order to further raise the #security levels of its users.
https://t.co/UHxY2Za2ne
The #chemical sector is definitely considered a critical infrastructure with #strategic goals, so it's a very attractive target for #threat actors.
Check out our overview about the #cyber#risks of the chemical sector!
https://t.co/Hmgs5FDREG
@cluster25_io joined the @virustotal community!
Starting from March 2023, part of our intelligence data will be shared with this amazing community, allowing users to get insights about suspicious IPs, domains, and URLs.
Enjoy our public #Intelligence!
https://t.co/IpdmzGkUoh