Article Contents
All industries rely on the software supply chain these days. Many industries have tools in common, especially well-entrenched packages that are free and open source. So it’s not surprising that cyber criminals would be active in weaponizing widely used tools and then enticing their would-be victims to install their version of the weaponized downloads.
Microsoft offers quite a bit of detail into ZINC, including Indicators of Compromise:
ZINC weaponizing open-source software.
This repeats past patterns of being as stealthy as possible by never using DNS to make outgoing connections. The weaponized tools reach out directly to IP addresses. Just need to point out Don’t Talk To Strangers (DTTS) prevents all such connections.
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
Read More: ZINC weaponizing open-source software
Microsoft Confirms Exploitation of Two Exchange Server Zero-Days.
It’s been no easy weekend for companies running their own Exchange Server. The only reason it may not be widely attacked yet is that these flaws require authenticated access in order to execute.
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks. The tech giant is working on patches.
Read More: Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
‘It wasn’t’: Cyber Security Minister Clare O’Neil slaps down Optus’s claim that it suffered ‘sophisticated’ attack.
The temptation when executives craft a narrative, is to shift blame. This reminds us that when disclosure is required, we should be honest, as always. Otherwise, we’re lying and setting ourselves up for future distrust.
Speaking on television on Monday night, Cyber Security Minister Clare O’Neil brushed off one of Optus’s claims in the wake of its security breach.
Mystery hackers are “hyperjacking” targets for insidious spying.
Now this is truly sophisticated. Anyone running hypervisor infrastructure should be applying security mitigation as soon as possible.
After decades of warnings, group figured out how to hijack virtualization software.
Read More: Mystery hackers are “hyperjacking” targets for insidious spying
Chaos Is A Go-Based Swiss Army Knife Of Malware.
This has been widely installed already and you can see by the infection chain where the most logical place to stop it should be. At the C2 stage. Zero Trust connectivity will do that for us.
The potency of the Chaos malware stems from a few factors: first, it is designed to work across several architectures, including: ARM, Intel (i386), MIPS and PowerPC – in addition to both Windows and Linux operating systems. Second, unlike largescale ransomware distribution botnets like Emotet that leverage spam to spread and grow, Chaos propagates through known CVEs and brute forced as well as stolen SSH keys.
Did you know?
It’s easier than ever to get into the black hat hacking game when tools like the USB LAN turtle are sold as legitimate testing tools to covertly give the attacker remote access while just appearing like a normal USB ethernet adaptor. However, this means that cyber criminals can buy it too.
