Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting

Context: On December 13, 2023, the United States Federal Bureau of Investigation, Cybersecurity & Infrastructure Security Agency, National Security Agency, Polish Military Counterintelligence Service, Community Emergency Response Team Polska, and the United Kingdom’s National Cyber Security Centre released a report that assessed that cyber actors associated with the Russian Foreign Intelligence Service (SVR), also known…

Cyber Week 2023: The Impact of Scalper Bots

In North America and Europe, Black Friday and Cyber Monday have become an annual tradition for retailers — and consumers — to kick off the holiday shopping season. As a result of promotions and seasonal specials, items for sale during Cyber Week may be in limited supply and attract the attention of bot operators looking…

10 Unpatched Vulnerabilities Disclosed in Loytec Building Automation Solutions

On December 5, 2023, industrial and operational technology security vendor TXOne Networks disclosed details of 10 unpatched vulnerabilities in building automation products made by Austrian company Loytec. Context: According to reports, TXOne researchers discovered the vulnerabilities over two years ago. According to reports, “The vulnerabilities are related to usernames and passwords being transmitted or stored…

DarkGate and PikaBot Leveraging QakBot TTPs in Phishing Campaign

On November 20, 2023, Cofense researchers published a report on a phishing campaign spreading DarkGate and Pikabot that is leveraging tactics previously used to deploy QakBot. Context: Cofense researchers stated, “This campaign disseminates a high volume of emails to a wide range of industries, and due to the loader capabilities of the malware delivered, targets…

GoPIX Infostealer Targeting PIX Payment System in Brazil

Context: On October 24, 2023, Kaspersky researchers released a report on several cyber threats, including the GoPIX infostealer malware campaign, which they assess has been active since December 2022. Technical Details: According to Kaspersky: “GoPIX is a typical clipboard stealer malware that steals PIX “transactions” used to identify payment requests and replaces them with a…

Cybercrime Never Takes a Vacation: Cybersecurity in the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying how threat actors conduct attacks, the methodologies used, and what organizations can do to protect themselves from specific types of attacks. The report, 2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence…

MetaStealer Family of Go Infostealers Targeting Businesses Using macOS

On September 11, 2023, SentinelOne researchers reported the technical details of a campaign targeting unspecified businesses that operate macOS in their environments with a series of infostealers written in Go they dubbed the “MetaStealer” family. Context: According to the report, the campaign has been “proactively targeting macOS businesses by posing as fake clients in order to…

“Spacecolon” Toolkit Used to Target Multiple Industries with Scarab Ransomware, including Hospitality and Entertainment Organizations

Context: On August 22, 2023, researchers at ESET released the technical details of the Spacecolon toolset, which they observed being leveraged in multiple campaigns to deploy the Scarab ransomware against multiple industries. According to the report, the campaigns are not specifically targeted, but are opportunistic in nature. Known targets include “a hospital and a tourist…

Raccoon Stealer Returns from Hiatus with Updated Version

On August 14, 2023, the threat actor managing Raccoon Stealer announced the return of the tool after a six-month break, as well as an updated version 2.3.0 with updates based on “feedback and analysis of customer requirements and market trends.” Context: On August 15, 2023, researchers at Cyberint reported technical details of a resurgent campaign…

eCommerce Sites Targeted in Active Campaign via Magento 2 Exploit

Context: On August 9, 2023, Akamai researchers reported a campaign they dubbed “Xurum,” which leverages the “patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.” Technical Details: Key takeaways from the Akamai report include: “We have observed activity in…
