Cybersecurity Wiretap #4: From Spring Cleaning with LATRODECTUS to Cyber Attacks on Egypt, UAE, and Saudi Arabia with a Focus on Emerging Threats and Vulnerabilities (week of 05/13/2024)

Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of the cybersecurity events of the prior week.

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID by @elasticseclabs

  • new event handlers (process discovery, desktop file listing) added since its inception, plus a self-delete technique for removing running files

Payload Trends in Malicious OneNote Samples by #PaloAlto's #Unit42

  • attackers are free to embed either text-based malicious scripts or binary files inside OneNote, which gives them more flexibility than traditional macros in documents

Leveraging DNS Tunneling for Tracking and Scanning by #PaloAlto's #Unit42

  • scan a victim's network infrastructure & gather info useful for future attacks
  • use DNS tunneling techniques to track delivery of malicious emails & monitor use of CDNs

To the Moon and back(doors): Lunar landing in diplomatic missions by @ESETresearch

  • previously unknown backdoors – LunarWeb & LunarMail – used in the compromise of a European MFA & its diplomatic missions
  • both employ steganography, hiding commands in images

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain by @ESETresearch

  • follow-up on how Ebury has evolved, and on the new malware families its operators use to monetize their botnet of Linux servers

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024 by @TrendMicro

  • targets the Asia-Pacific region & employs updated tactics for spreading infection and for communication
  • how it operates, including the stages of infection, C&C interaction & malware behavior

Fortnightly Vulnerability Summary by @CyfirmaR

  • Most impacted products: Linux | FRRouting | RobotOS
  • Vulnerabilities: 3772
  • Exploits published: 91
  • Threat actors: 8
  • Zero-days: 28

Cyber Attacks on Egypt, UAE, and Saudi Arabia by @CyfirmaR

  • pro-Palestine hacktivist groups targeted the Etisalat Egyptian unit in March
  • a month before, systems belonging to Etisalat UAE were encrypted by the LockBit ransomware group

Thanks a lot for reading.
