https://s1.ai/nk-ops
#SentinelLABS researcher #TomHegel writes about an extension of the long-running #Ghostwriter campaign targeting opposition activists in #Belarus as well as #Ukrainian military and government organizations with weaponized #Excel document lures.
#SentinelLabs has uncovered how BlueNoroff (a North Korean hacking subgroup belonging to Lazarus Group) launched the 'Hidden Risk' campaign targeting #macOS users.
The #AcidPour malware is a new variant of #AcidRain targeting #Linux x86 systems in #Ukraine, as discovered by #SentinelLabs researchers. Unlike its predecessor, which was built for the #MIPS architecture, AcidPour specifically targets x86 Linux distributions such as #Ubuntu, #Mint, #Fedora, and #Debian. It introduces new capabilities, including references to Unsorted Block Images (#UBI) and #Logical Volume Manager (LVM) virtual block devices, suggesting an expansion in the range of potential targets. AcidPour's distinct codebase and wiping logic, particularly for devices such as LVM volumes, indicate an evolved threat strategy. SentinelLabs has alerted stakeholders in Ukraine, though the full scope and specific targets of AcidPour remain undisclosed. Users and organizations are advised to strengthen their defenses and train staff on phishing and malware threats.
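The two facts the post turns on are the target architecture (x86 rather than MIPS) and the new device classes the wiper references (UBI and LVM). Both can be checked on a suspect binary in seconds. The triage script below is an added example written for this post, not SentinelLabs tooling or AcidPour code: it reads the ELF header's e_machine field to name the architecture and then scans the file for Linux block-device paths, grouping them by storage class and singling out the UBI and device-mapper (LVM) classes the post describes as new. The sample it runs on is a constructed byte string (a minimal ELF64 header followed by a few NUL-separated strings), not a real malware sample.

```python
import re
import struct

# e_machine values from the ELF specification (subset relevant to this post).
ELF_MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}

# Linux block-device path patterns grouped by storage class. The "ubi" and
# "lvm/device-mapper" classes are the ones the post flags as new in AcidPour.
DEVICE_CLASSES = {
    "mtd/flash": rb"/dev/mtd(?:block)?\d*",
    "ubi": rb"/dev/ubi\d*(?:_\d+)?",
    "lvm/device-mapper": rb"/dev/(?:dm-\d+|mapper/[\w.-]+)",
    "sd/mmc": rb"/dev/(?:sd[a-z]+\d*|mmcblk\d+(?:p\d+)?)",
    "loop": rb"/dev/loop\d+",
}
NEW_IN_ACIDPOUR = ("ubi", "lvm/device-mapper")


def elf_machine(data: bytes):
    """Return the architecture name from the ELF header, or None if not an ELF file."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    endian = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_machine,) = struct.unpack_from(endian + "H", data, 18)
    return ELF_MACHINES.get(e_machine, "unknown(0x%02x)" % e_machine)


def device_references(data: bytes) -> dict:
    """Map each storage class to the sorted, de-duplicated device paths found in the file."""
    found = {}
    for cls, pattern in DEVICE_CLASSES.items():
        hits = sorted({m.decode("ascii", "replace") for m in re.findall(pattern, data)})
        if hits:
            found[cls] = hits
    return found


def triage(data: bytes) -> dict:
    """Architecture plus device-path references, with the AcidPour-specific classes called out."""
    refs = device_references(data)
    return {
        "arch": elf_machine(data),
        "devices": refs,
        "new_classes": sorted(c for c in refs if c in NEW_IN_ACIDPOUR),
    }


# Constructed sample, NOT a real AcidPour binary: a minimal ELF64 x86-64 header
# followed by NUL-separated strings of the kind a block-device wiper carries.
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8      # e_ident: ELFCLASS64, little-endian, version 1
    + struct.pack("<HHI", 2, 0x3E, 1)                    # e_type=EXEC, e_machine=x86-64, e_version=1
    + b"\x00" * 40                                        # remaining header fields, zeroed for the example
    + b"\x00".join([b"/dev/sda", b"/dev/mtdblock0", b"/dev/ubi0_1",
                    b"/dev/dm-0", b"/dev/mapper/vg0-root", b"/dev/loop0"])
)

# Constructed big-endian MIPS header, standing in for an AcidRain-style build.
MIPS_SAMPLE = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8 + struct.pack(">HHI", 2, 0x08, 1)

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(elf_machine(MIPS_SAMPLE))
```

On a real file, replace `SAMPLE` with `open(path, "rb").read()`; the presence of `ubi` or `lvm/device-mapper` in `new_classes` on an x86 binary is the signal worth escalating, while an absence proves nothing, since strings can be encrypted or built at runtime.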
Source: New AcidRain Linux Malware Variant "AcidPour" Found Targeting Ukraine
"Unveiling Sandman APT: The Silent Menace Targeting Global Telcos"
SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, built on the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user information exfiltration, paving the way for precision attacks. The intriguing part? Attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm and calls for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.
Source: SentinelOne Labs
Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT
Indicators of Compromise (IoCs):
Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.
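Because LuaDream is built on LuaJIT, one cheap hunting angle that follows from the post is to look for precompiled LuaJIT bytecode embedded in files that have no business carrying it. The scanner below is an added example for this post, not SentinelLabs code and not based on LuaDream internals; it relies only on the documented LuaJIT bytecode dump header: the bytes ESC 'L' 'J', a version byte (1 for LuaJIT 2.0, 2 for 2.1), a flags byte (0x01 big-endian, 0x02 stripped, 0x04 FFI, 0x08 FR2), and, when the dump is not stripped, a ULEB128-encoded chunk name. The input it scans is a constructed byte blob with two fake dump headers and one decoy; the chunk name "@loader.lua" is made up.

```python
MAGIC = b"\x1bLJ"
FLAG_BE, FLAG_STRIP, FLAG_FFI, FLAG_FR2 = 0x01, 0x02, 0x04, 0x08
VERSIONS = {1: "LuaJIT 2.0", 2: "LuaJIT 2.1"}


def read_uleb128(data: bytes, pos: int):
    """Decode an unsigned LEB128 integer; return (value, position after it)."""
    value, shift = 0, 0
    while True:
        b = data[pos]          # raises IndexError if the buffer ends mid-number
        pos += 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, pos
        shift += 7


def find_luajit_chunks(data: bytes) -> list:
    """Return one record per plausible LuaJIT bytecode dump header found in data."""
    hits, start = [], 0
    while True:
        off = data.find(MAGIC, start)
        if off < 0 or off + 5 > len(data):
            return hits
        start = off + 1
        version = data[off + 3]
        if version not in VERSIONS:      # ESC 'L' 'J' followed by an unknown version: not a dump header
            continue
        flags = data[off + 4]
        chunkname = None
        if not flags & FLAG_STRIP:       # unstripped dumps carry the source chunk name
            try:
                n, pos = read_uleb128(data, off + 5)
                if n < 4096 and pos + n <= len(data):
                    chunkname = data[pos:pos + n].decode("utf-8", "replace")
            except IndexError:
                pass
        hits.append({
            "offset": off,
            "version": VERSIONS[version],
            "stripped": bool(flags & FLAG_STRIP),
            "big_endian": bool(flags & FLAG_BE),
            "ffi": bool(flags & FLAG_FFI),
            "fr2": bool(flags & FLAG_FR2),
            "chunkname": chunkname,
        })


# Constructed sample (not LuaDream): PE-style filler, an unstripped 2.1 dump header with a
# made-up chunk name, some padding, a stripped 2.0 dump header, and a decoy with a bad version.
NAME = b"@loader.lua"
SAMPLE = (
    b"MZ" + b"\x90" * 40
    + MAGIC + bytes([2, FLAG_FR2]) + bytes([len(NAME)]) + NAME + b"\x10\x00\x01"
    + b"\xcc" * 16
    + MAGIC + bytes([1, FLAG_STRIP]) + b"\x22\x00\x01"
    + MAGIC + bytes([9, 0])
)

if __name__ == "__main__":
    for hit in find_luajit_chunks(SAMPLE):
        print(hit)
```

Run it over a DLL or a memory dump and treat any hit as a lead rather than a verdict: the three-byte magic is short enough to occur by chance, which is why the version check and the chunk-name sanity limit are there, and a loader that decrypts its bytecode only in memory will show nothing on disk.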
"CapraTube Alert! Transparent Tribe's Sneaky Move"
Transparent Tribe, a suspected Pakistani actor, has unveiled CapraTube, a deceptive Android application that mimics YouTube. SentinelLabs discovered three Android application packages (APKs) linked to Transparent Tribe's CapraRAT mobile remote access trojan (RAT). These apps give the illusion of being YouTube but are far less feature-rich than the genuine Android YouTube app.
CapraRAT is a potent tool, granting attackers control over vast amounts of data on infected Android devices. This RAT has been used for surveillance against targets related to the disputed Kashmir region and human rights activists focusing on Pakistan. The group distributes these Android apps outside the Google Play Store, using self-hosted websites and social engineering to lure users into installing weaponized applications.
In 2023, the group spread CapraRAT Android apps disguised as a dating service that carried out spyware activities. One of the newly identified APKs connects to a YouTube channel owned by Piya Sharma, suggesting the actor continues to employ romance-based social engineering tactics.
Key features of CapraRAT include:
For those in the India and Pakistan regions linked to diplomatic, military, or activist matters, it's crucial to be cautious of this actor and threat. Always be wary of apps outside the Google Play store and evaluate the permissions they request.
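The advice above, to evaluate what a sideloaded "YouTube" actually asks for, can be turned into a mechanical check once the manifest has been pulled out of the APK (for instance with apktool). The script below is an added example written for this post, not SentinelLabs tooling and not derived from the CapraTube samples: it parses an AndroidManifest.xml, flags permissions that a video player has no use for but a surveillance RAT needs, and flags the brand mismatch of an app that labels itself "YouTube" while not being the genuine `com.google.android.youtube` package. The two manifests it runs on are constructed, and the package name `com.example.piya.player` is hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OFFICIAL_YOUTUBE = "com.google.android.youtube"   # package name of the genuine app

# Permissions a video client has no legitimate need for, with what they buy an attacker.
SURVEILLANCE_PERMS = {
    "android.permission.RECORD_AUDIO": "microphone capture",
    "android.permission.CAMERA": "camera capture",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_EXTERNAL_STORAGE": "read files and media",
    "android.permission.PROCESS_OUTGOING_CALLS": "monitor outgoing calls",
}


def parse_manifest(xml_text: str) -> dict:
    """Pull package name, app label and requested permissions out of a decoded manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    return {
        "package": root.get("package"),
        "label": app.get(ANDROID_NS + "label") if app is not None else None,
        "permissions": [e.get(ANDROID_NS + "name") for e in root.findall("uses-permission")],
    }


def assess(manifest: dict) -> dict:
    """Flag surveillance permissions and YouTube brand impersonation; two or more hits is suspicious."""
    flagged = {p: SURVEILLANCE_PERMS[p] for p in manifest["permissions"] if p in SURVEILLANCE_PERMS}
    impersonation = (manifest["label"] or "").strip().lower() == "youtube" \
        and manifest["package"] != OFFICIAL_YOUTUBE
    suspicious = impersonation or len(flagged) >= 2
    return {
        "package": manifest["package"],
        "impersonates_youtube": impersonation,
        "flagged_permissions": flagged,
        "verdict": "suspicious" if suspicious else "no-findings",
    }


# Constructed manifest for a hypothetical lookalike; the package name is made up for the example.
FAKE_YOUTUBE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.piya.player">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="YouTube" android:icon="@mipmap/ic_launcher"/>
</manifest>
"""

# Constructed benign manifest for contrast.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>
"""

if __name__ == "__main__":
    print(assess(parse_manifest(FAKE_YOUTUBE_MANIFEST)))
    print(assess(parse_manifest(BENIGN_MANIFEST)))
```

The permission check is deliberately blunt: it does not prove an app is CapraRAT, it only answers the user-facing question the post raises, whether a "YouTube" installed from a website is asking for the microphone, camera, SMS and location that the real client would never request.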
Source: SentinelOne Labs
Tags: #CapraTube #TransparentTribe #CapraRAT #CyberSecurity #AndroidMalware #SentinelLabs #MobileSecurity #APT
Author: Alex Delamotte.
New on #SentinelLabs! A .NET malware loader, dubbed MalVirt, is being distributed through malvertising and uses obfuscated virtualization for anti-analysis and evasion in an ongoing campaign. By @milenkowski and @hegel
https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
New on #SentinelLabs: Cluster of attacks in East Asia, DragonSpark, uses the open-source tool #SparkRAT and malware that evades detection through #Golang source code interpretation. By @milenkowski
New on #SentinelLabs! The #NoName057(16) group carries out #DDoS attacks on Ukraine, #NATO organizations, and other government orgs.
@LabsSentinel has identified #Telegram channels, a #DDoS payment program, and a toolkit on #GitHub. By @hegel and @milenkowski