Cyber Intel Brief: July 21 – 27, 2022

Malware

Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware

Impacted Industries: Unknown

What You Need To Know:

Intezer released the technical analysis of previously unknown and undocumented Linux malware. The malware is modular with various features, including installing rootkits, running shell commands, exfiltrating, overwriting, or deleting files, and writing data to a file. To date, Intezer has not observed this malware in the wild.


Malware

CosmicStrand: the Discovery of a Sophisticated UEFI Firmware Rootkit

Impacted Industries: Unknown

What You Need To Know:

Kaspersky recently published its technical analysis of a UEFI firmware rootkit and attributed it to an unknown Chinese-speaking threat actor. Furthermore, there is evidence that this rootkit targets Gigabyte or ASUS motherboard images using the H81 chipset.


Malware

DUCKTAIL: An Infostealer Malware Targeting Facebook Business Accounts

Impacted Industries: All

What You Need To Know:

WithSecure has uncovered an ongoing information-stealing operation targeting employees who may have access to Facebook Business accounts. It is unknown whether the threat actor(s) succeeded in bypassing Facebook’s security measures and compromised accounts.


Malware

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Impacted Industries: Suspected Organizations in the Real Estate Sector

What You Need To Know:

Trend Micro’s recent incident investigation uncovered an intrusion set linked to a suspected initial access broker campaign. The campaign lures victims into downloading malware disguised as real estate legal document templates.


Ransomware

LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities

Impacted Industries: All

What You Need To Know:

Trend Micro recently published the findings of its technical analysis of LockBit 3.0 (LockBit Black). The analysis revealed several similarities to the BlackMatter ransomware, with some elements being identical.


Phishing

Robin Banks Might Be Robbing Your Bank

Impacted Industries: All

What You Need To Know:

IronNet researchers discovered a brand-new, widespread campaign that uses a phishing-as-a-service (PhaaS) platform to target victims by SMS and email and harvest their account credentials and financial information. The PhaaS platform provides templates impersonating numerous large financial institutions and other businesses such as Google, Microsoft, T-Mobile, and several international companies.


Phishing

What Talos Incident Response Learned From a Recent Qakbot Attack Hijacking Old Email Threads

Impacted Industries: All

What You Need To Know:

Cisco Talos observed a threat actor delivering a banking trojan using a collection of emails obtained from multiple previously compromised organizations to launch focused phishing campaigns targeting specific uncompromised organizations.


What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events, because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” and “may” reflect situations where we are unable to assess the likelihood, usually because the relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.

Subscribe to the Deepwatch Insights Blog