Multiple RATs Distributed in Phishing Campaign Leveraging Fake Meeting Invitations

On March 5, 2023, Zscaler researchers reported details of a sophisticated phishing campaign they attribute to a single threat actor, leveraging fake meeting invitations for popular video conference tools to spread remote access trojans (RATs). Community Impact The RH-ISAC intelligence team assesses that this and similar campaigns constitute a moderate threat to the RH-ISAC community….

Read More

BlackCat/ALPHV Claims Responsibility for Change Healthcare Ransom

Executive Summary The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform, the largest pharmacy payment exchange platform. This declaration of responsibility, which has since been removed on the BlackCat/ALPHV’s facing site, come as the United States…

Read More

LockBit Ransomware Operations Significantly Disrupted by Recent Law Enforcement Operations; Descriptor Tool Updated

An international law enforcement operation led by Britain’s National Crime Agency and the United States Federal Bureau of Investigations has arrested and indicted two members of the LockBit ransomware gang and seized significant portions of its internal infrastructure. Several components of LockBit services are still operational, including its data sharing component, which publishes data of victims who fail to pay. Community…

Read More

Microsoft Warns of Critical Exchange Server Flaw Under Active Exploitation

Context On February 13, 2024, Microsoft acknowledged an actively exploited critical security flaw in Exchange Server, identified as CVE-2024-21410 with a CVSS score of 9.8. The vulnerability involves privilege escalation impacting Exchange Server, allowing attackers to further exploit NT (New Technology) LAN Manager (NTLM) credentials-leaking vulnerabilities in Outlook. The leaked credentials can be relayed against the Exchange server to gain higher privileges and…

Read More

Check Point Researchers Report New Raspberry Robin Use of 1-Day LPE Exploits

Context Security Researchers from Check Point have released a public report, Raspberry Robin Keeps Riding the Wave of Endless 1-Days, detailing new intelligence and technical analysis of the threat actor known as Raspberry Robin. Key findings from the report include the usage of two new 1-day Local Privilege Escalation (LPE) exploits by Raspberry Robin before public…

Read More