Happy Monday everyone!
Kaspersky researchers discovered the #RedLineStealer being spread through a well-known HPDxLIB activator: adversaries published links directing unwitting victims to a malicious version of the software. The infection chain involved a malicious DLL loaded by "1cv8.exe", which in turn loaded another malicious library that launched the stealer.
Looking at a report published earlier this year, McAfee researchers detailed some of the behaviors attributed to RedLine Stealer: the creation of a "readme.txt" file in a C:\Program Files\ directory (most likely the directory of the malicious version of the legitimate software that was downloaded), a scheduled task that referenced the "readme.txt", and a .cmd file created in the C:\Windows\Setup\Scripts\ directory that started a randomly named executable which, once again, referenced the readme.txt file.
If I were hunting for this, I would start with scheduled tasks being created in my environment that may not match the naming convention established by my business. Enjoy the read and go get hunting! Happy Hunting!
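To make that hunt concrete, here is an added example (not from the post or from any of the vendor reports it cites) that triages scheduled-task-creation records the way the paragraph suggests: flag tasks whose name falls outside the organization's naming convention, and separately flag tasks whose action references a readme.txt file or a script under C:\Windows\Setup\Scripts\, the two behaviors McAfee described. The records are constructed to resemble the fields of Windows Security Event ID 4698 (TaskName plus the task's XML in TaskContent); the "ORG-<Team>-<Purpose>" naming scheme and all task names, paths and executable names are assumptions for the sake of the demo.

```python
"""Triage scheduled-task creation records for the RedLine behaviors described above.

Records mimic Windows Security Event ID 4698 (A scheduled task was created), which
carries the task name and the registered task XML. Sample records are constructed.
"""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumption: this business names its tasks "\ORG-<Team>-<Purpose>" (constructed convention).
NAMING_CONVENTION = re.compile(r"^\\ORG-[A-Za-z]+-[A-Za-z0-9]+$")

# Behaviors from the McAfee write-up: actions referencing readme.txt, or scripts
# launched out of C:\Windows\Setup\Scripts\.
SUSPICIOUS_PATTERNS = [
    re.compile(r"readme\.txt", re.IGNORECASE),
    re.compile(r"\\Windows\\Setup\\Scripts\\", re.IGNORECASE),
]

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}


def task_xml(command, arguments=""):
    """Build a minimal Task Scheduler XML body (only the <Actions> section is needed here)."""
    return (
        f'<Task version="1.2" xmlns="{TASK_NS["t"]}">'
        "<Actions Context=\"Author\"><Exec>"
        f"<Command>{escape(command)}</Command>"
        f"<Arguments>{escape(arguments)}</Arguments>"
        "</Exec></Actions></Task>"
    )


# Constructed sample 4698-like records: one benign, one malicious-looking by name and
# action, one that passes the naming convention but still carries a suspicious action.
SAMPLE_EVENTS = [
    {"TaskName": r"\ORG-IT-PatchCheck",
     "TaskContent": task_xml(r"C:\Program Files\Org\patchcheck.exe", "/quiet")},
    {"TaskName": r"\Updater",
     "TaskContent": task_xml("cmd.exe", r'/c "C:\Windows\Setup\Scripts\run.cmd"')},
    {"TaskName": r"\ORG-HR-Sync",  # hypothetical randomly named binary and readme.txt argument
     "TaskContent": task_xml(r"C:\Program Files\HPDxLIB\xkqzv.exe",
                             r'"C:\Program Files\HPDxLIB\readme.txt"')},
]


def extract_actions(task_content):
    """Return 'command arguments' strings for every <Exec> action in the task XML."""
    root = ET.fromstring(task_content)
    actions = []
    for exec_node in root.findall(".//t:Exec", TASK_NS):
        cmd = exec_node.findtext("t:Command", default="", namespaces=TASK_NS)
        args = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS)
        actions.append(f"{cmd} {args}".strip())
    return actions


def triage(event):
    """Return a list of reasons a task-creation record deserves a look (empty if none)."""
    reasons = []
    if not NAMING_CONVENTION.match(event["TaskName"]):
        reasons.append("task name outside convention")
    for action in extract_actions(event["TaskContent"]):
        for pattern in SUSPICIOUS_PATTERNS:
            if pattern.search(action):
                reasons.append(f"action matches {pattern.pattern}: {action}")
    return reasons


def hunt(events):
    """Map each flagged task name to its reasons; tasks with no findings are omitted."""
    findings = {}
    for event in events:
        reasons = triage(event)
        if reasons:
            findings[event["TaskName"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in hunt(SAMPLE_EVENTS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

The third sample record is the reason the action check sits beside the naming-convention check: a task that happens to fit the house naming scheme still surfaces because its arguments reference readme.txt, so the name-based hunt the post starts with is a first pass, not the only pass.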
RedLine info-stealer campaign targets Russian businesses through pirated corporate software
https://securityaffairs.com/171771/cyber-crime/redline-info-stealer-campaign-targets-russian-businesses.html
(You can find the original report in the link provided by this Security Affairs article.)
Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting Cyborg Security, Now Part of Intel 471