Bloody Wolf attacks Kazakhstan The BI.ZONE Threat Intelligence team has uncovered a new adversary that attacks Kazakhstani companies with phishing emails disguised as government letters. The attackers use uncommon file types, such as JAR, to better evade defenses. To make their decoy look plausible, the criminals link the phishing attachment to Kazakhstan's government website that encourages visitors to install Java. This interpreter is required for the correct operation of Bloody Wolf's malware. Learn more: https://bit.ly/3LNH7h0
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
A new phishing campaign targeting Pakistan has been observed using MSC (Microsoft Common Console Document) files to deliver a sophisticated backdoor payload. The attack begins with a phishing email containing a .pdf.msc file, which masquerades as a PDF document. When opened, the file executes embedded JavaScript code, retrieves a decoy file, and secretly loads a malicious DLL file, "DismCore.dll." This backdoor establishes contact with a remote server and exfiltrates data. The attack leverages obfuscation and scheduled tasks to maintain persistence. This campaign highlights the evolving tactics of cybercriminals and the increasing abuse of MSC files, a technique similar to LNK files, for malicious execution.
#Cybersecurity #Phishing #Malware #Backdoor #Pakistan
⛔️Msfvenom tutorial ✨ This tutorial on msfvenom is provided solely for educational purposes and to promote cyber awareness. The information and instructions contained herein are intended to help individuals understand the capabilities and potential security threats associated with penetration testing tools. We do not condone, encourage, or support any illegal or malicious activities. The use of msfvenom and other penetration testing tools should only be performed in environments where explicit permission has been granted by the system owner or within legal boundaries.
Kimsuky, a North Korean threat actor, specializes in phishing attacks to steal credentials. These attacks often use Russian email addresses, targeting South Korea and the U.S. Their phishing tactics involve social engineering and email spoofing, with evolving methods since September 2023. Recently, Kimsuky shifted to using unexpected sender addresses, increasing email frequencies with malicious links. Recognize phishing emails by suspicious URLs, generic greetings, and unusual attachments. Protect yourself by staying informed, conducting regular training, updating software, and using email filters and two-factor authentication. Cybersecurity companies like Genians analyze threats and support organizations in defense strategies. Stay vigilant and connect at https://lnkd.in/ewg2SGCs to discuss these threats further.
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET
Organizations in #Kazakhstan are being targeted by a threat group dubbed #BloodyWolf, which is distributing a commodity malware known as #STRRAT (also called #StrigoiMaster). The cyber attacks begin with #phishing emails that impersonate the #MinistryofFinance of the #RepublicofKazakhstan and other agencies, tricking recipients into opening PDF attachments. These files masquerade as non-compliance notices and contain links to a #malicious Java archive (JAR) file and an installation guide for the #Java interpreter needed for the #malware to function. https://lnkd.in/g8VwsrXs
Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks - CXO Digitalpulse
Being invited by the "National Technical Committee on Cybersecurity of standardization of China" to participate in the drafting of the "Security technology specification for electronic mail system", which will be officially released nationwide next year. When it comes to email, most people instinctively think of it as an outdated technology without timeliness, yet it is a MUST tool that we have to use daily in our work. Because the email transfer protocol (SMTP) was proposed as early as 1980, with relatively few modifications thereafter, there are numerous security design vulnerabilities in the protocol. Moreover, email is an essential communication tool for medium and large-sized companies in their daily work. As a result, email has become hackers' favorite channel for attacks. According to statistics, 90% of current attacks start with phishing emails.
“Digital Literacy Workshop” (Belia Pintar Siber) at Sekolah Menengah Muda Hashim, Tutong for secondary school 🏫 students. I was supposed to just be an observer 🔭. Ended up doing the UNN intro 🤓. Wanted to share awareness on what UNN actually is and how it fits into Brunei’s telecoms ecosystem. The main highlight was the cyber security awareness on cyberbullying, phishing, information security, fake news, etc. by UNN’s Cybersecurity team. Hopefully this will encourage and embrace a culture of cyber security, and instil trust that information is shared ethically and handled responsibly.
🔐 Cyber News Update 🔐
📅 August 20, 2024

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
Summary:
👉 Spear-Phishing Campaign: Iranian group TA453 targets a prominent Jewish leader to deploy AnvilEcho malware.
👉 Threat Actor Identified: TA453 is linked to Iran's IRGC and overlaps with other groups like APT42 and Charming Kitten.
👉 Attack Method: Involves social engineering tactics, including impersonation of legitimate entities to gain trust and deliver the BlackSmith malware toolkit.
👉 Goal: To gather intelligence supporting Iran's political and military objectives.

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
Summary:
👉 New Backdoor: Msupedge backdoor discovered in a cyber attack on a Taiwanese university.
👉 DNS Traffic Communication: Uses DNS traffic to communicate with its command-and-control (C&C) server.
👉 Unknown Origins: The source and motives of the attack are currently unclear.
👉 Reported By: The findings were reported by Symantec's Threat Hunter Team, part of Broadcom.

📢 Keep an eye on the latest cyber threats!
#Msupedge #PHPVulnerability #TA453 #AnvilEcho #CyberSecurity #Phishing #Sehranrasooljan
An intelligence map for APT32, AKA OceanLotus. Here’s a summary of their TTPs:
APT32 is a cyber espionage group believed to be sponsored by the Vietnamese government, targeting organizations in Vietnam and abroad.
Targets: Technology and software companies. Government agencies. NGOs. Political opposition groups. Media outlets.
Tactics: Phishing emails and attachments. Exploiting vulnerabilities. Malware and backdoors. Stealing login credentials and sensitive information.
Tools: AgentTesla (malware). CoreBot (botnet). Ngrok (remote access tool).
Attribution: Language used in phishing emails and malware code. Vietnamese language and cultural references. Targeting of Vietnamese government agencies and organizations.
Impact: Theft of sensitive information and intellectual property. Disruption of business operations. Compromised security and privacy.
Mitigation: Implement robust security measures (firewalls, intrusion detection systems). Conduct regular vulnerability assessments and penetration testing. Use strong passwords and enable two-factor authentication. Educate employees about phishing and other types of cyber attacks.
Reference: MITRE to map their TTPs & develop use cases for detection…. https://lnkd.in/dTcY5SbG
#threat_intellgence #mitre #cyberdefense #cybersecurity #APT32
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
A Chinese APT group, operating since late 2022, named "Operation Diplomatic Specter," targets governmental entities in the Middle East, Africa, and Asia. Palo Alto Networks Unit 42 uncovered long-term espionage operations against at least seven governmental entities. The attackers leverage rare email exfiltration techniques and deploy previously undocumented backdoors like TunnelSpecter and SweetSpecter.
Security Tip for SecureNexa's Followers: To protect against such threats, organizations should implement robust email security measures, regularly patch software vulnerabilities, and employ network monitoring solutions to detect and respond to suspicious activities promptly. Additionally, user awareness training can help prevent successful phishing attempts, which are often the initial entry point for APT attacks.