Alleged Windows Zero-Day Exploited in the Wild to Bypass Security Warnings via JavaScript Files

Context On October 22, 2022, Bleeping Computer reported the technical details of a new Windows zero-day vulnerability that “allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.” Bleeping Computer assesses that the zero-day was leveraged by ransomware threat actors to deliver the Magniber ransomware in a recent campaign. Technical Details…

Read More

APT41 Operation CuckooBees Campaign Continuation Leveraging Spyder Loader

Context On October 18, 2022, Symentec researchers reported an extension to the Operation CuckooBees campaign leveraging the Spyder Loader to target government organizations in Hong Kong. Community Impact Operation CuckooBees is publicly attributed to APT41 (also known as Winnti), a Chinese state-backed threat group based on tactics, techniques, and procedures (TTPs). The campaign was initially…

Read More

RH-ISAC Launches Community MISP Instance

The RH-ISAC is officially launching a community Malware Information Sharing Platform (MISP) instance for our core members. By utilizing an open-source threat intelligence platform (TIP) like MISP, we can share, store, enrich, vet, correlate, and analyze our shared intelligence. MISP includes many galaxy clusters containing the MITRE ATT&CK framework, Threat Actors, and Tools, to name…

Read More

Magniber Ransomware Campaign Targets Home Users using JavaScript

A new campaign is targeting home users using impersonated software updates leveraging JavaScript to deliver the Magniber Ransomware. Context On October 13, 2022, HP security researchers reported the technical details of a current campaign leveraging JavaScript files impersonating legitimate Windows Security updates to infect home users with the single-client Magniber ransomware. Technical Details HP researchers…

Read More

Pro-Russian Threat Group Targets U.S. Airports’ Websites with DDoS Attacks

On October 10, 2022, the threat group “KillNet” claimed a number of denial-of-service (DDoS) attacks against websites of several major airports in the U.S. Context Airport sites targeted in the campaign include the Hartsfield-Jackson Atlanta International Airport (ATL), the Los Angeles International Airport (LAX), the Chicago O’Hare International Airport (ORD), the Orlando International Airport (MCO),…

Read More