While most of us celebrate Labor Day, let's all try to take a moment to remember those who don't get to spend time with their loved ones today, wherever they may be and whatever they may be doing!

I don't know how this report slid under my radar, but the ESET research team unveiled a "Marioesque"-themed adversary, #MoustachedBouncer! They are a cyberespionage group that targets foreign embassies in Belarus with the use of their ISP-level access and their tools #NightClub and #Disco. Using their (assumed) unique level of access, they compromise their targets by redirecting them to a fake #Microsoft update site, which loads JavaScript code that then leads to a zip file being downloaded. The team wasn't able to get the zip file, but they were still able to identify some TTPs and #LOLBINS abuse, such as creating a malicious scheduled task. I hope you enjoy and Happy Hunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #LaborDay

Episode 164 of Breaking Badness is here! This week @NotTheLinux, @ColonelPanic, and @tw_pierce discuss the Downfall Intel CPU vulnerability along with MoustachedBouncer’s espionage against Belarus. Listen here: https://www.domaintools.com/resources/podcasts/164-in-da-nightclub-malware?utm_source=Social&utm_medium=Mastodon&utm_campaign=Breaking-Badness
#MoustachedBouncer #Downfall
163. Phisherman's Wharf

This week on the pod: Downfall is in the Air, Disco Malware Fever, and Gold, Guidance, and Grievances.

China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says

CISA Director Jen Easterly did not hold back at the DEF CON conference in describing the threat from China. She openly confirmed concerns raised by White House officials in news reports in July.

Basically, the hackers preferred two programs: “NightClub” and “Disco”. They make it possible, for example, to steal data, take screenshots and record audio.

#cybersecurity #malware #cyberespionage #cyberattacks #moustachedbouncer

https://cybersec84.wordpress.com/2023/08/12/moustachedbouncer-targets-foreign-embassies-in-belarus-with-cyberattacks/

MoustachedBouncer Targets Foreign Embassies in Belarus with Cyberattacks

A cyber espionage group called MoustachedBouncer used man-in-the-middle (MitM) attacks to hack the systems of foreign embassies in Belarus. According to an ESET report published yesterday, research…
