Cybersec Sentinel (Page 3)

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Winos4.0 RAT Targets Gamers and Educational Institutions in New Malware Campaign

Threat Group: Unknown Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering through gaming-related applications targeting Windows Malware Used: Winos4.0 Threat Score: High (8.5/10) — due to its sophisticated evasion, control functions, and targeting of gaming and educational sectors Last Threat Observation: November 6, 2024, by FortiGuard

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

APT36 Goes Cloudy ElizaRAT Puts Indian Systems in the Crosshairs

Threat Group: APT36 (Transparent Tribe) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Windows, Linux-based espionage with cloud-based C2 communication Malware Used: ElizaRAT, ApoloStealer Threat Score: High (8.8/10) — Enhanced evasion and control tactics, leveraging multiple cloud services for concealment Last Threat Observation: November 2024 (AlienVault, Check Point Research)

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

SYS01 Malware Exploits Meta Business Ads to Steal Credentials

Threat Overview Threat Group: Unknown, suspected Rilide malware affiliates Threat Type: Infostealer Malware Exploited Vulnerabilities: Browser credential storage, Facebook account access, Windows Task Scheduler Malware Used: SYS01 Infostealer Threat Score: High (8.5/10) — Due to sophisticated targeting of widely-used platforms, persistent evasion tactics, and expansive reach Last Threat Observation:

OpenAI Impersonation Scam Puts ChatGPT Users at Risk

OpenAI Impersonation Scam Puts ChatGPT Users at Risk

Threat Group: Unknown Cybercriminals Threat Type: Phishing Attack Exploited Vulnerabilities: Credential Harvesting Malware Used: None detected, phishing-only campaign Threat Score: High (7.5/10) — Due to scale and the use of advanced impersonation tactics. Last Threat Observation: November 2024 Threat Group: Unknown Cybercriminals Threat Type: Phishing Attack Exploited Vulnerabilities: Credential

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock Threat Type: Ransomware Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments Malware Used: Interlock ransomware variants for FreeBSD and Windows Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics Last Threat Observation: November 2024 Overview Interlock ransomware is

Emerging Threat Play Ransomware Targets Critical Infrastructure

Emerging Threat Play Ransomware Targets Critical Infrastructure

Threat Type: Ransomware Exploited Vulnerabilities: Microsoft Exchange ProxyNotShell (CVE-2022-41040, CVE-2022-41082), FortiOS vulnerabilities (CVE-2018-13379, CVE-2020-12812), Remote Desktop Protocol (RDP) Malware Used: Play ransomware encryptor, custom VSS copying tool, Grixba information stealer Threat Score: Critical (9/10) — Enhanced threat level due to state-backed collaborations and increased targeting of high-value sectors Last Threat

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Phish 'n' Ships Aims to Disrupt the Global Shipping Industry

Threat Type: - Phishing and Credential Theft Exploited Vulnerabilities: - Human Error via Phishing Attacks Malware Used: - None specified (primarily credential-harvesting techniques) Threat Score: - Moderate to High (7.5/10) — The campaign targets the maritime sector, a critical infrastructure, with phishing designed to penetrate operational technology (OT) networks.

GHOSTPULSE Infiltration via MSIX Application Packages

GHOSTPULSE Infiltration via MSIX Application Packages

Threat Group: Unknown Threat Type: Multi-stage Malware Loader Exploited Vulnerabilities: DLL Side-loading, Module Stomping, Process Doppelgänging Malware Used: GHOSTPULSE Threat Score: High (8.5/10) — Due to advanced evasion techniques and targeting of commonly used software through deceptive MSIX packages. Last Threat Observation: October 30, 2024 Overview GHOSTPULSE is a

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Threat Group: UNC5812 Threat Type: Hybrid Espionage and Influence Operation Exploited Vulnerabilities: Android and Windows vulnerabilities, including CVE-2024-47575 Malware Used: SUNSPINNER, PURESTEALER, CRAXSRAT, Pronsis Loader Threat Score: High (8.5/10) — due to multifaceted espionage and influence tactics targeting military sectors. Last Threat Observation: October 29, 2024 Overview UNC5812, a