This blog recaps key cybersecurity articles shared in the weekly newsletter, highlighting the most popular topics related to cyber threats, indictments, and notable actions against cybercriminals. Affected parties: individuals in government, cryptocurrency services, sanctions offices, nuclear organizations, the Silk Road marketplace, the U.S. Treasury, and various global sectors.
Key points:
- The Lazarus Group targeted employees at a nuclear-related organization using a backdoor called “CookiePlus” as part of a cyber espionage campaign.
- The DOJ indicted three Russian nationals involved in cryptocurrency mixing services Blender.io and Sinbad.io.
- President Trump pardoned Ross Ulbricht, the creator of the Silk Road dark web marketplace.
- Star Blizzard hackers used WhatsApp to conduct a phishing campaign targeting diplomats and government officials.
- Chinese hackers, known as Silk Typhoon, breached several U.S. Treasury offices, including the Office of Foreign Assets Control.
- A Russian-Israeli developer was charged as a suspected member of the LockBit ransomware group.
- Iran’s Charming Kitten threat actor deployed a new C++ variant of the BellaCiao malware called “BellaCPP.”
MITRE Techniques:
- TA0001: Initial Access – The Lazarus Group utilized spear-phishing techniques as part of “Operation Dream Job” to target employees.
- TA0030: Collection – The Charming Kitten group employed BellaCPP malware to gather intelligence from compromised systems.
- TA0040: Command and Control – The implementation of CookiePlus allowed for ongoing communication with compromised devices.
- TA0041: Exfiltration – Data was likely exfiltrated during the intrusion into the Treasury department’s unclassified systems.
- TA0011: Native API – The use of the BeyondTrust remote management service enabled Silk Typhoon’s access to internal Treasury networks.
Full Story: https://www.darkowl.com/blog-content/threat-intelligence-roundup-january-3/