U.S. Strikes North Korean Fraud Ring & Phantom USBs Hacking Governments | by Michael Lopez | Oct, 2023


U.S. Strikes N. Korean Multi-Million $ Fraud Network

The U.S. government recently took action against North Korean IT workers orchestrating a global scheme to deceive businesses and funnel the proceeds into North Korea’s missile programs. The Department of Justice seized 17 website domains and approximately $1.5 million in generated revenue. These IT workers, stationed mainly in China and Russia, used counterfeit identities to carry out their fraudulent activities. Notably, the seized domains posed as genuine U.S.-based IT service providers but were covertly linked to previously sanctioned Russian and Chinese entities. The FBI has published details of the tactics these workers use, urging companies to exercise caution during the hiring process.

The recent crackdown by the U.S. DoJ illuminates the global landscape of cyber threats. North Korea’s dependency on adept IT professionals for malevolent cyber operations underscores the pressing need for international vigilance. For businesses, this situation reiterates the significance of in-depth background checks and robust cybersecurity protocols.

Hackers Utilize TetrisPhantom to Breach Secure USBs on Government Networks

A newly identified threat, ‘TetrisPhantom,’ targets government infrastructure in the Asia-Pacific region. The attackers abuse secure USB drives, normally used to move data between systems, to gain unauthorized access. Such drives keep files in an encrypted partition and are often used to carry data into air-gapped systems. By trojanizing the UTetris application on these drives, the attackers launch a payload named AcroShell on the victim’s computer. AcroShell connects to the attackers’ command-and-control server, which delivers further malicious payloads to steal sensitive documents. The attackers also collect information about the USB drives the victim uses, which enables deployment of another malware component named XMKR. XMKR infects secure USB drives connected to the system, extending the attack even to isolated, air-gapped machines. When an infected drive is later plugged into a computer with internet access, the stolen data is exfiltrated to the attackers’ server. The primary goal? Espionage.

The TetrisPhantom attacks signal a concerning evolution in cyber espionage strategies. As cybercriminals weaponize seemingly innocuous tools like USB drives, the emphasis on advanced, proactive cybersecurity measures for governmental bodies becomes paramount. The risk isn’t just data theft; it’s the potential compromise of entire secure networks and the vast intelligence they hold.

Cisco Faces Active Exploitation of IOS XE Zero-Day Vulnerabilities

Cisco has disclosed a new zero-day flaw (CVE-2023-20273) that attackers are actively exploiting to install malware on IOS XE devices. This flaw is chained with another recently discovered zero-day (CVE-2023-20198). Cisco has developed fixes for both vulnerabilities and has pledged to release them to customers via its Software Download Center shortly. Alarmingly, the vulnerabilities have already been used to compromise over 40,000 Cisco devices running the affected IOS XE software. In light of these developments, Cisco advises administrators to disable the vulnerable HTTP server feature on all internet-facing devices. Newly created or suspicious user accounts should also be investigated as potential signs of compromise.
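A defender-side check for the two mitigations the summary above names, as an added example that is not from the article or from Cisco: it parses a constructed `show running-config` excerpt, reports whether the web UI (`ip http server` / `ip http secure-server`) is enabled, and lists local accounts that are not on an operator-maintained allowlist. The hostname, account names and allowlist are all constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of a `show running-config` excerpt; not from a real device.
SAMPLE_CONFIG = """\
hostname edge-router-01
!
username admin privilege 15 secret 9 $9$placeholder
username svc_backup privilege 15 secret 9 $9$placeholder
!
ip http server
ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Local accounts the operator expects to see (constructed); anything else is flagged.
KNOWN_ACCOUNTS = {"admin"}

# `username <name> [privilege <n>] ...`; privilege defaults to 1 when omitted on IOS.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?", re.MULTILINE)


def audit_config(config: str, known_accounts=KNOWN_ACCOUNTS) -> Dict[str, object]:
    """Report the HTTP/HTTPS server state and any local accounts not on the allowlist."""
    lines = [line.strip() for line in config.splitlines()]
    # Exact-line match: a "no ip http server" line does not count as enabled.
    http_enabled = "ip http server" in lines
    https_enabled = "ip http secure-server" in lines
    unknown: List[Dict[str, object]] = [
        {"user": m.group(1), "privilege": int(m.group(2)) if m.group(2) else 1}
        for m in USER_RE.finditer(config)
        if m.group(1) not in known_accounts
    ]
    findings: List[str] = []
    if http_enabled or https_enabled:
        findings.append("web UI enabled; disable with `no ip http server` / "
                        "`no ip http secure-server` on internet-facing devices")
    for u in unknown:
        findings.append(f"unexpected local account '{u['user']}' with privilege {u['privilege']}")
    return {"http_enabled": http_enabled, "https_enabled": https_enabled,
            "unknown_accounts": unknown, "findings": findings}


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG)["findings"]:
        print("-", finding)
```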

The revelation about these vulnerabilities in a staple networking brand like Cisco underscores the continuous arms race in cybersecurity. With the rapid evolution of cyber threats, it’s pivotal for organizations to remain vigilant, ensuring the sanctity and security of their digital ecosystems.

SolarWinds Battles Severe RCE Vulnerabilities in Access Rights Auditor

Security researchers have discovered three critical remote code execution (RCE) flaws in SolarWinds Access Rights Manager (ARM), a platform that helps IT teams audit and manage user access rights. The vulnerabilities could allow remote attackers to take over a system with SYSTEM privileges, effectively gaining unrestricted control over all files on the affected device. The flaws, reported via Trend Micro’s Zero Day Initiative (ZDI), were patched in the 2023.2.1 release of Access Rights Manager. SolarWinds also fixed several high-severity issues that adversaries could exploit to elevate their privileges or execute arbitrary code, and has published an advisory describing the vulnerabilities and their associated risks.

The recent vulnerabilities discovered in SolarWinds, a reputed name in IT management software, highlight the need for constant vigilance in software development and cybersecurity. The incidents serve as a reminder that even the most sophisticated systems can have exploitable weaknesses and emphasize the importance of timely updates and patches.

ExelaStealer: Rising Star in the Malware Market

ExelaStealer is the latest entrant in the realm of malware aimed at stealing sensitive data from vulnerable Windows systems. This open-source infostealer is also sold with paid customizations by the original threat actor. Written in Python with JavaScript support, its capabilities range from stealing passwords and credit card details to capturing Discord tokens, session data, keystrokes, and more. Offered through cybercrime forums and specific Telegram channels, ExelaStealer is sold at varying price points, with a lifetime license costing $120. It is distributed as an executable disguised as a PDF document, which makes it suitable for phishing or watering hole attacks. Even in a crowded field of infostealers, ExelaStealer has found its own niche, a sign of how large the cybercrime market has become.

The proliferation of such infostealers like ExelaStealer emphasizes the need for heightened cybersecurity measures. With its myriad of capabilities and ease of accessibility, it’s a glaring reminder of the evolving threats in the digital space. As cybercriminals become more sophisticated and innovative, it’s crucial for organizations and individuals to stay vigilant and prioritize cybersecurity efforts.

SolarWinds Under Siege: Critical Vulnerabilities Unearthed

A series of critical vulnerabilities have been unearthed in SolarWinds’ Access Rights Manager Tool (ARM). Trend Micro’s Zero Day Initiative (ZDI) revealed these lapses, which could potentially grant attackers unauthorized entry into corporate systems. Among these vulnerabilities are potent remote code execution (RCE) flaws, allowing attackers to run arbitrary codes at peak privilege levels on Windows-based systems. SolarWinds has subsequently released patches to rectify these vulnerabilities, strongly advising users to implement updates at once.

The discovery of such severe vulnerabilities in SolarWinds’ ARM is a stark reminder of the constant cyber threats organizations face. These flaws not only jeopardize sensitive data but can also disrupt critical operations. As cyberattacks continue to evolve in complexity, it’s pivotal for organizations to regularly update and patch their systems to ensure optimal security.

Europol’s Triumph: Ragnar Locker’s Reign of Ransomware Terror Ends

Europol has made significant strides in the ongoing battle against ransomware by successfully dismantling the infrastructure supporting the notorious Ragnar Locker ransomware. Furthermore, a principal developer of this ransomware was apprehended in France. This comprehensive operation spanned multiple European nations, with investigative activities in Czechia, Spain, and Latvia leading to the interviews of five accomplices. Meanwhile, pivotal servers and a data leak portal associated with Ragnar Locker were confiscated in the Netherlands, Germany, and Sweden. Renowned for its menacing double-extortion approach, the Ragnar Locker group has wreaked havoc on 168 global enterprises since its emergence in 2020, demanding ransoms not just for decryption tools but also to withhold the release of stolen confidential data.

The latest accomplishment by Europol in incapacitating Ragnar Locker illuminates the relentless efforts of law enforcement agencies in curbing cybercrime. The Ragnar Locker group, with its notorious reputation and expansive reach, represents a fragment of the colossal ransomware epidemic affecting organizations worldwide. While this takedown marks a significant victory, it also underscores the ever-evolving nature of threat actors. As they continually adapt and rebrand, the onus remains on global communities to maintain vigilance and reinforce cybersecurity defenses.

DarkGate and Ducktail: Two Digital Threats, One Mastermind

A link has been identified between the notorious DarkGate remote access trojan (RAT) and the Vietnam-based cybercrime outfit responsible for the Ducktail infostealer. WithSecure’s investigative team, which had previously flagged Ducktail’s activities in 2022, observed striking resemblances between DarkGate’s and Ducktail’s operations. DarkGate, a potent backdoor, offers a wide range of malicious functions, from information theft to cryptojacking, and has even been distributed through platforms like Skype and Teams. The connection between Ducktail and DarkGate was established through consistent indicators such as delivery methods, targeting strategies, and lure files. Understanding such connections between distinct malware families operated by the same perpetrators helps build a detailed picture of the threat landscape and anticipate their future tactics.

The intertwining paths of DarkGate and Ducktail emphasize the complex web of threats in the cyber realm. Recognizing the strategies and associations between different malware families provides invaluable insights into the modus operandi of threat actors. For cybersecurity experts, it becomes essential to continuously monitor and decode these links to stay a step ahead of cybercriminals.
