SentinelLabs

We are the Threat Intelligence and Malware Analysis Team for @SentinelOne
Website: labs.sentinelone.com

New SentinelLabs Research on WIP26 - https://s1.ai/WIP26

🟣 New actor targeting telco in the Middle East
🟣 Abuses Microsoft 365 Mail, Google Firebase, and Dropbox for C2
🟣 Targeted WhatsApp msgs -> Dropbox -> loader -> backdoors

by @milenkowski and team

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

SentinelOne

ICYMI From Earlier in the Week:

Targeted Attacks Leverage Signed Malicious Microsoft Drivers

https://s1.ai/signed-ms

Summary:
- SentinelOne has observed prominent threat actors abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
- Investigations into these intrusions led to the discovery of #POORTRY and #STONESTOP malware, part of a small toolkit designed to terminate AV and EDR processes.
- We first reported our discovery to Microsoft’s Security Response Center (MSRC) in October 2022 and received an official case number (75361). On Tuesday, MSRC released an associated advisory under ADV220005. (https://msrc.microsoft.com/update-guide/vulnerability/ADV220005)
- This research was released alongside Mandiant. Readers can find their blog here: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.

SentinelOne

LABScon Replay -- Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure:

https://s1.ai/wRkFPH

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?

SentinelOne