🔙 🚪 Researchers found a new backdoor called #Slopoly, likely generated with #AI, used in an Interlock ransomware attack to steal data.
Slopoly is a simple #PowerShell client that beacons to a C2 server, runs commands, and keeps persistence.
#IBM X-Force links the attack to a financially motivated group known as Hive0163 and says AI tools are speeding custom malware development.
#infosec #cybersecurity #tech #ibmxforce #xforce #threatintel
https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks
There are a lot of articles and discussions concerning the Handala Hack Team, and especially the recent attack on Stryker.
Multiple articles have been published regarding this threat actor and I have put together a "Threat Actor Profile" for Handala. It's as always reasonably well attributed to origin sources and hopefully provides a good overview of the actor based on available OSINT research.
Please reach out if you believe there are mistakes in the article that should be corrected.
Dutch intelligence agencies warn of a phishing campaign targeting Signal and WhatsApp accounts of government officials and military personnel.
Attackers impersonate support channels to obtain verification codes and hijack accounts.
Reports link the Coruna iPhone exploit framework to Trenchant, the offensive cyber division of U.S. contractor L3Harris.
Originally built for intelligence operations, the toolkit allegedly leaked and was later used by Russian and China-linked threat actors.
A researcher infiltrated phishing panels targeting European banks after analyzing a phishing email impersonating Argenta.
Weak IP-based auth and plaintext logs exposed attacker infrastructure.
Tools like Burp Suite helped access the panel and disrupt campaigns.
Phishing kits remain dangerously accessible.
Source: https://inti.io/p/how-i-infiltrated-phishing-panels
Follow TechNadu for infosec updates.
RE: https://mastodon.social/@campuscodi/116194688591162933
Security firm Bitdefender has an in-depth report on the latest TTPs and #IOC’s used by an APT group, shared by Catalin below. You may not be targeted by this group, but they use the very common technique of Living off Trusted Services. One highlighted in this report is Discord. I strongly agree with Bitdefender’s advice of controlling or blocking access to Discord. Another service mentioned is the file-sharing service tmpfiles.org — limit or block access to that too. #cybersecurity #threatintel
New report from Palo Alto’s Unit42 on sophisticated attacks with long dwell times by one or more Chinese threat groups. There is a lot going on in this article and much of it likely doesn’t apply to my organization, but I try to learn from reports like this at least one thing that I can bring to my organization to improve our security posture. In this case I learned about DumpIt — a new-to-me free multiplatform forensics tool. I’m going to add that to an upcoming threat hunt and will build detections for it as well. #cybersecurity #threatintel
https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/
Wow, now I'm getting malware URLs via reverb.com - way to hand over a long-time threat intel person the IoC's
nothing on VT yet https://www.virustotal.com/gui/url/3086617690b3b089bff0dd7b96f0e389a57ad32630fd93b6a29d6cdc8256edfe/detection
Zero detections:
https://www.urlvoid.com/scan/matyshkazemlya.com/
scan failed 403 forbidden: https://sitecheck.sucuri.net/results/www.matyshkazemlya.com
https://urlquery.net/report/7840c1b4-791d-47d1-b531-4ac3b7fd0f92 redirect and is sinkholed via DNS4EU
Submitted to Pulsedive: https://pulsedive.com/indicator/?ioc=d3d3Lm1hdHlzaGthemVtbHlhLmNvbQ==
Showing a redirect to Google on checkphish (LOL)
https://app.checkphish.ai/public/insights/1772914041531/3086617690b3b089bff0dd7b96f0e389a57ad32630fd93b6a29d6cdc8256edfe
IoC:
www.matyshkazemlya [DOT] com
Message on Reverb.com:
Hey, I've been trying to buy your listing but keep getting a payment error. The site gave me a link with some info for the seller to check — www.matyshkazemlya [DOT] com Could you take a look? Mia Brown
#IR #incidentResponse #CTI #IOC #infosec #cyberz #cybersecurity #infosec #reverb
#suspectdomain #virustotal #pulsedive #URLvoid #threatIntel #ThreatIntelligence
Global cybercrime roundup: AI-assisted breaches, phishing platforms targeting 100K orgs, and crypto theft incidents - but coordinated law enforcement operations are dismantling major criminal infrastructure.
Is international cooperation finally shifting the balance against cybercrime?