This report synthesizes findings from 51 threat intelligence articles, highlighting key cyber threats and actors targeting various sectors. Notable threats include LockBit ransomware, the TorNet backdoor campaign, and QBot resurgence, utilizing sophisticated tactics and diverse malware. Affected: financial institutions, government entities, telecommunications, general cybersecurity sector
Keypoints :
- A rise in cyber attacks targeting financial institutions and government sectors.
- Increased use of sophisticated tactics, including socio-engineering through phishing.
- Deployment of advanced malware like LockBit ransomware and the TorNet backdoor.
- Significant cyber-espionage campaigns focusing on high-value entities using weaponized documents.
- Resurgence of QBot malware exhibits connections to notable ransomware activities.
MITRE Techniques :
- Technique: T1573 β Encrypted Channel, Procedure: Using encryption for command/control communications.
- Technique: T1071 β Application Layer Protocol, Procedure: Leveraging HTTP/HTTPS for C2 communication.
- Technique: T1563 β Remote Service Session Hijacking, Procedure: Exploiting legitimate services for unauthorized access.
- Technique: T1552 β Unsecured Credentials, Procedure: Credential dumping for lateral movement within networks.
- Technique: T1203 β Exploitation for Client Execution, Procedure: Using malicious documents for malware delivery.
Indicator of Compromise :
- [IP Address] 159[.]100[.]14[.]254
- [IP Address] 104[.]168[.]7[.]37
- [Domain] accessservicesonline[.]com
- [SHA-256] 2389b3978887ec1094b26b35e21e9c77826d91f7fa25b2a1cb5ad836ba2d7ec4
- [URL] https://accessservicesonline[.]com/setup_wm[.]exe
Full Story: https://medium.com/@rst_cloud/rst-ti-report-digest-03-feb-2025-0faadb4b690d?source=rssββcybersecurity-5