North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.
"Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server," Kaspersky said in a new report.
Also called Silent Chollima and Stonefly, […]
Winnti’s new UNAPIMON tool hides malware from security software
The Chinese ‘Winnti’ hacking group was found using a previously undocumented malware called UNAPIMON to let malicious processes run without being detected.
UNC3944 Hackers Acquire Corporate Logins Using SMS Phishing And Support Desk Calls
A financially driven threat group, UNC3944 has frequently employed phone-based social engineering and SMS phishing attacks to gain credentials and escalate access to target organizations.
The hacking group has been observed targeting a wide range of businesses, including hospitality, retail, media and entertainment, financial services, and telecommunications and business process outsourcing (BPO) firms.
According to Mandiant, the group is geographically diverse, has shown a heavier focus on stealing large amounts of confidential data for extortion, and appears to be familiar with Western commercial practices.
Additionally, UNC3944 has routinely used freely available tools, legitimate software, and malware that can be purchased on darknet forums.
Tactics, Techniques, And Procedures (TTPs)
To gain initial access to its victims, UNC3944 relies mainly on social engineering: the group routinely calls victim help desks and runs SMS phishing campaigns to reset passwords or obtain multifactor authentication bypass codes.
In particular, to avoid detection by security monitoring tools, the threat actors used commercial residential proxy services so that their connections appeared to originate from the same neighborhood as their victims.
“The threat actors operate with an extremely high operational tempo, accessing critical systems and exfiltrating large volumes of data over a few days,” according to the information shared with Cyber Security News.
Privilege escalation is achieved by targeting password managers or privileged access management (PAM) systems.
UNC3944 attack lifecycle
Threat actors tend to target business-critical virtual machines and other systems, particularly when delivering ransomware, perhaps to do as much damage to the victim as possible.
Further, they utilize aggressive communication techniques to interact with victims, including posting threatening notes in text files on computers, sending emails and SMS messages to executives, and hacking into the channels that victims use to respond to issues.
Researchers mention that “threat actors will continue to improve their tradecraft over time and may leverage underground communities for support to increase the efficacy of their operations.”
“They may use other ransomware brands and/or incorporate additional monetization strategies to maximize their profits in the future.”
Recommendation
Enforce Microsoft Authenticator with number matching and remove SMS as an MFA verification option.
Ensure the security of MFA and SSPR registration by forcing users to authenticate from a trusted network location and/or by guaranteeing device compliance.
Create a Conditional Access policy that restricts external access to Microsoft Azure and Microsoft 365 administration features by requiring users to authenticate from a trusted network location and/or from a compliant device.
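The Conditional Access policy from the last recommendation, written out as a Microsoft Graph PowerShell script; this is an added example, not code from Cyber Security News or Mandiant. It assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in account can grant the Policy.ReadWrite.ConditionalAccess scope, and that a break-glass account object ID (placeholder below) is excluded; the policy is created in report-only state so its effect can be reviewed in sign-in logs before it is enforced.

```powershell
# Added example: admin portals reachable only from a trusted named location,
# or from a device that is compliant. Assumes the Microsoft.Graph SDK.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Caveat: "AllTrusted" only excludes named locations flagged isTrusted. If none
# exist, the policy would apply everywhere, including the corporate network.
$trusted = Get-MgIdentityConditionalAccessNamedLocation -All |
    Where-Object { $_.AdditionalProperties["isTrusted"] -eq $true }
if (-not $trusted) {
    throw "No named location is marked trusted; define one before creating this policy."
}
Write-Host "Trusted locations: $($trusted.DisplayName -join ', ')"

$policy = @{
    displayName = "Admin portals: trusted location or compliant device"  # constructed name
    # Report-only first; switch to "enabled" only after reviewing the results,
    # otherwise administrators can lock themselves out.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        users          = @{
            includeUsers = @("All")
            # Placeholder: object ID of the emergency-access account to exclude.
            excludeUsers = @("<BREAK-GLASS-ACCOUNT-OBJECT-ID>")
        }
        applications   = @{
            # Built-in group covering the Azure and Microsoft 365 admin portals.
            includeApplications = @("MicrosoftAdminPortals")
        }
        locations      = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # trusted network: policy does not apply
        }
    }
    # Outside a trusted location the sign-in must come from a compliant device.
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in report-only mode ($($created.State))"
```

The "and/or" in the recommendation is expressed by excluding trusted locations from the conditions while requiring device compliance as the grant control: a sign-in passes if either holds.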
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library’s dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.