Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere

1. Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

Recent reports reveal a new Chinese state actor, Storm-2077, targeting U.S. government agencies and NGOs since January 2024. This group has conducted cyber attacks across various sectors, including the Defense Industrial Base (DIB) and telecommunications.

Key Points

  • Active Threat: Linked to TAG-100 by Recorded Future's Insikt Group.
  • Attack Methods: Uses phishing emails to steal credentials, and exploits internet-facing devices with malware such as Cobalt Strike.
  • Intelligence Operations: Focuses on exfiltrating sensitive emails and accessing cloud environments.

Google’s Action Against GLASSBRIDGE

Simultaneously, Google’s Threat Intelligence Group (TAG) has exposed GLASSBRIDGE, a pro-China information operation using fake news sites to spread aligned narratives.

  • Blocking Efforts: Over a thousand inauthentic sites have been blocked since 2022.
  • Operational Tactics: Run by digital PR firms masquerading as independent news outlets.

Read more


2. North Korean Hackers Steal $10M Using AI-Driven Scams on LinkedIn

A North Korea-linked cyber group, Sapphire Sleet, has reportedly stolen over $10 million in cryptocurrency through sophisticated social engineering campaigns on LinkedIn. Microsoft has identified this threat actor as part of a broader network involved in illicit activities.

Key Findings

  • Fake Profiles: Sapphire Sleet creates fraudulent LinkedIn profiles, posing as recruiters and job seekers to lure victims.
  • Deceptive Meetings: The group often pretends to be venture capitalists, enticing targets into online meetings that lead to malware downloads.
  • Malware Deployment: Victims are tricked into downloading malicious scripts (AppleScript or Visual Basic) that compromise their devices, allowing attackers to access sensitive information and cryptocurrency wallets.
  • Recruitment Scams: The group has impersonated recruiters from financial firms like Goldman Sachs, directing targets to complete fake skills assessments that install malware on their systems.

Broader Implications: Microsoft highlights the use of North Korean IT workers abroad as a "triple threat," generating revenue through legitimate work while facilitating data theft and intellectual property acquisition. These workers often create fake profiles on platforms like GitHub and LinkedIn, employing AI tools to enhance their deception.

Read more


3. Major Crackdown on Cybercrime: 17,000 WhatsApp Accounts Blocked

In a significant move against cybercrime, the Indian Cybercrime Coordination Centre (I4C) and the Department of Telecommunications (DoT) have blocked over 17,000 WhatsApp accounts linked to fraudulent activities from Southeast Asia.

Key Details

  • Fraudulent Networks: The blocked accounts were associated with cybercriminals operating from countries like Cambodia, Laos, Thailand, and Myanmar, often linked to fraudulent call centers tied to Chinese casinos.
  • Scope of Action: This crackdown follows the earlier shutdown of 1.77 crore fraudulent mobile numbers used for scams. Over 50% of the blocked accounts had been active since January 2024.
  • Digital Arrest Scams: Cybercriminals employed tactics such as "digital arrests," impersonating law enforcement officials to intimidate victims into transferring money.

Government Response

  • Sukhjinder Singh Randhawa, a member of the Parliamentary Standing Committee on Home Affairs, expressed concerns over rising cyber fraud incidents and plans to address this issue in upcoming meetings.
  • The operation was initiated after numerous complaints from victims, highlighting the urgent need for enhanced cybersecurity measures.

Read more


4. New Malware Campaign Uses BYOVD to Bypass Antivirus Protections

Cybersecurity researchers have identified a new malware campaign that exploits the Bring Your Own Vulnerable Driver (BYOVD) technique to disable antivirus protections and gain access to infected systems.

Key Insights

  • Malware Mechanism: The malware drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to terminate security processes and gain control over the system.
  • Initial Access: The attack begins with an executable file named kill-floor.exe, which registers the Avast driver as a service.
  • Kernel-Level Access: Once operational, the malware can terminate up to 142 processes, including security software, by leveraging kernel-level privileges. This allows it to bypass most antivirus and endpoint detection solutions.
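As an added defender-side example (not code from the original digest or from the researchers it cites): a small Python scanner over constructed Windows System log Event ID 7045 (new service installed) records that flags a kernel-driver service whose image is the aswArPot.sys driver described above, and flags it again when the driver is loaded from outside its expected install directories. The driver watchlist, the trusted directories and the flattened log format are assumptions made for illustration.

```python
import re

# Signed-but-abusable drivers to watch for; only the Avast driver from the story is listed
# (constructed watchlist: extend it from a maintained vulnerable-driver list).
WATCHED_DRIVERS = {"aswarpot.sys"}
# Directories where the legitimate driver is expected to live (assumed for this example).
TRUSTED_DIRS = ("c:\\program files\\avast software\\", "c:\\windows\\system32\\drivers\\")

# Flattened Windows System log Event ID 7045 (new service installed) records.
EVENT_7045 = re.compile(
    r"EventID=7045 ServiceName=(?P<name>\S+) ImagePath=(?P<path>.+?) "
    r"ServiceType=(?P<type>\S+) Account=(?P<acct>\S+)")

def parse_7045(line):
    """Return the fields of a 7045 record as a dict, or None for any other line."""
    m = EVENT_7045.search(line)
    return m.groupdict() if m else None

def assess(svc):
    """Reasons a kernel-driver service install looks like BYOVD abuse (empty = benign)."""
    reasons = []
    if svc["type"].lower() != "kernel":      # only driver services matter for BYOVD
        return reasons
    path = svc["path"].strip('"').lower()
    fname = path.rsplit("\\", 1)[-1]
    if fname in WATCHED_DRIVERS:
        reasons.append(f"known-abusable driver {fname} registered as service {svc['name']}")
        if not path.startswith(TRUSTED_DIRS):   # a product install does not drop it here
            reasons.append(f"driver loaded from unexpected path {path}")
    return reasons

def scan(lines):
    """(service name, reasons) for every suspicious install found in the log lines."""
    hits = []
    for line in lines:
        svc = parse_7045(line)
        if svc and (why := assess(svc)):
            hits.append((svc["name"], why))
    return hits

# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    "EventID=7045 ServiceName=aswArPot ImagePath=C:\\Users\\Public\\aswArPot.sys ServiceType=kernel Account=LocalSystem",
    "EventID=7045 ServiceName=aswArPot ImagePath=C:\\Program Files\\Avast Software\\Avast\\aswArPot.sys ServiceType=kernel Account=LocalSystem",
    "EventID=7045 ServiceName=Spooler ImagePath=C:\\Windows\\System32\\spoolsv.exe ServiceType=user Account=LocalSystem",
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE_LOG):
        print(name, "->", "; ".join(why))
```

The second sample record (the driver in its vendor directory) still produces one hit, so an analyst can distinguish a genuine product install from a driver dropped next to kill-floor.exe by the path reason alone.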

Growing Threat

  • Rising BYOVD Attacks: BYOVD attacks have become increasingly common among cybercriminals, particularly in ransomware scenarios. They utilize signed but flawed drivers to evade detection and execute malicious actions.
  • Previous Incidents: Earlier this year, Elastic Security Labs reported similar tactics used in the GHOSTENGINE malware campaign, which also exploited the Avast driver.

Read more


5. Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

A recent cyber attack has compromised approximately 2,000 Palo Alto Networks devices by exploiting newly disclosed vulnerabilities in the PAN-OS software. The attacks are primarily occurring in the U.S. and India.

Key Details

  • Vulnerabilities Exploited: CVE-2024-0012, a critical authentication bypass flaw (CVSS score 9.3), and CVE-2024-9474, a medium-severity privilege escalation vulnerability (CVSS score 6.9).
  • Attack Methodology: Attackers exploit these vulnerabilities to gain administrator privileges and execute arbitrary commands, including deploying malware such as web shells and cryptocurrency miners.

Geographic Impact

  • The majority of compromised devices are located in the United States (554 devices) and India (461 devices). Other affected countries include Thailand, Mexico, Indonesia, Turkey, the U.K., Peru, and South Africa.

Read more


Stay ahead of the curve!🚀

Follow us on LinkedIn and Subscribe to our newsletter 📩 for the latest cyber security updates, insightful articles, and exclusive content to help you navigate the ever-changing threat landscape.

Don't forget to check out our Website 🌐 to make your cyberspace safe and secure 🔒, and join our growing community on Instagram 📸 for bite-sized cyber security tips and trends. 💻 🔍

