#theatintel

Threat Intelligence (ThreatIntel@cyberespresso.eu)
2025-09-04

(seqrite.com) Noisy Bear APT: Multi-Stage Campaign Targeting Kazakhstan Energy Sector with DOWNSHELL PowerShell Loaders

seqrite.com/blog/operation-bar

#TheatIntel #Cybersecurity #Infosec
@threatintel@a.gup.pe @cybersecurity

1/2

Fafner [_KeyZee_] (F_kZ_@infosec.exchange)
2024-05-04

Should we continue to let DLS websites be visible on the public instance of RansomLook.io?
Should we continue to allow full access to the API too?
#ransomware #theatIntel

Volexity (volexity@infosec.exchange)
2023-09-22

@volexity's #theatintel team works with some of the most targeted groups in the world. Today, at the LABScon conference, we are sharing details of a long-running campaign by EvilBamboo. We have also just published details on our blog: volexity.com/blog/2023/09/22/e.

Our analysis has uncovered evidence of the attacker building online communities on various social media & messaging platforms, creating fake personas on social media sites, and using other #socialengineering techniques in order to distribute #Android malware, including #BADBAZAAR. Additionally, there is strong evidence of #iOS device targeting and likely exploitation using IRONSQUIRREL.

#dfir #security

2023-07-25

A few months ago I posted about a DNS malware C2 we had discovered, Decoy Dog, that was based on Pupy, had been undetected for over a year, and had some inexplicable behavior. We hoped the community would easily find the infected devices based on the info we provided. No such luck. Since then we have used DNS to learn an astonishing amount about the operations. Once we realized Decoy Dog was more advanced than Pupy, and we saw how the actors responded to our original releases, we went back to the binaries. Today we released an in-depth technical analysis of Decoy Dog, a Pupy research data set, and a new Yara rule. This is the exec summary. Link to the full technical paper and other tidbits in the comments. #dns #theatintel #malware #decoydog #rat #c2 #infoblox #datascience #threatresearch blogs.infoblox.com/cyber-threa

2022-12-05

What kind of scam is this? DM received on birdsite.

hxxps://btcusdt365.com

#scam #theatIntel #phishing #IoC

DM with a website seemingly related to cryptocurrency, a username, a password and a 664k USDT balance. Message reads "help me manage, thanks".
