Cyware Daily Threat Intelligence

Daily Threat Briefing • September 19, 2023
The telecom sector in the Middle East has observed a growing number of cyberattacks in recent years. Of late, North Korean actors packaged a new backdoor threat named HTTPSnoop—and a sister implant—as part of Palo Alto Networks' Cortex XDR application in a sophisticated campaign against the Middle East. Separately, a new attack campaign has been identified targeting systems in Azerbaijan with Rust-based malware. Besides the malware, the MSI installer file drops an XML file for scheduled tasks and a decoy image file containing watermarks depicting the Azerbaijan Ministry of Defense.
Pig butchering scam swells! Within three months, scammers illicitly harvested over $1 million using 14 domains and impersonating dozens of legitimate sites, with one victim losing $22,000 through an online dating scheme.
65 Australian government agencies impacted
The April ransomware assault on HWL Ebsworth has exposed the data of 65 Australian government agencies, as disclosed by the national cybersecurity coordinator, Air Marshal Darren Goldie. The Russian-speaking ALPHV hacking group, also known as BlackCat, claimed responsibility and leaked 1.45 gigabytes of stolen law firm data in May. The incident impacted both government entities and numerous private sector clients.
Stealthy backdoor used against telecoms
North Korean ShroudedSnooper group targeted telecommunication service providers in the Middle East using a stealthy backdoor called HTTPSnoop. This backdoor allows cybercriminals to execute content on infected endpoints by intercepting specific HTTP(S) URLs. Another component, PipeSnoop, accepts and executes arbitrary shellcode. While both components are used for initial access, PipeSnoop is likely employed for more valuable targets within compromised enterprises.
EMINэM manages GuLoader and Remcos
A comprehensive investigation has unveiled a nefarious connection between GuLoader and Remcos, with GuLoader helping Remcos bypass antivirus protection. GuLoader, in particular, poses a threat due to its ability to deliver malicious payloads undetected. The analysis highlights a covert ecosystem managed by an individual known as EMINэM, who has been carrying out attacks using these tools to target accountants during the US tax season.
New campaign deploys Rust-based malware
A new campaign called Operation Rusty Flag was found deploying Rust-based malware on compromised systems, primarily targeting entities in Azerbaijan. The campaign employs multiple initial access vectors, including a modified document that may be an attempt to mislead investigators. Attackers use malicious LNK and Microsoft Office files to deliver payloads hosted on Dropbox. The malware, written in Rust, exhibits information-gathering capabilities and sends data to attacker-controlled servers.
New XWorm RAT variant
The latest iteration of XWorm RAT has surfaced with enhanced capabilities and staying power. Security researchers at ANY.RUN conducted a thorough examination, revealing that this malware variant initially spread via MediaFire within a password-protected RAR archive. When executed, it employed a range of tactics, including persistent startup directory shortcuts, task scheduler utilization, and installation in public directories. Notably, it attempted to evade sandbox analysis through virtualization detection, debugger checks, and Sandboxie identification.
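The persistence behaviours listed above (startup-folder shortcuts, scheduled tasks, installation under a public directory) are the kind of host telemetry a detection engineer can alert on. The script below is an added example, not code from the original briefing or from ANY.RUN's analysis: it runs three simple rules over a handful of constructed, Sysmon-style event lines (an assumed key=value shape, not real XWorm telemetry) and then correlates hits so that a binary dropped into C:\Users\Public which is afterwards referenced by a persistence mechanism stands out. Rule names, field names and sample paths are all assumptions for the demo.

```python
import re
from typing import Iterable

# Constructed sample events (not real XWorm telemetry): a simplified key=value
# rendering of Sysmon-style process-create (id=1) and file-create (id=11) records.
SAMPLE_EVENTS = [
    r'id=11 image=C:\Users\alice\Downloads\archive_extract.exe target=C:\Users\Public\payload.exe',
    r'id=11 image=C:\Users\Public\payload.exe target="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"',
    r'id=1 image=C:\Windows\System32\schtasks.exe cmdline="schtasks /create /sc minute /mo 1 /tn Update /tr C:\Users\Public\payload.exe"',
    r'id=1 image=C:\Windows\System32\notepad.exe cmdline="notepad.exe notes.txt"',
    r'id=11 image="C:\Program Files\App\app.exe" target=C:\Users\alice\Documents\report.docx',
]

# key=value pairs; a value is either a double-quoted string or a run of non-spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed rule patterns: a .lnk written into the per-user Startup folder, and an
# executable-looking file created anywhere under the Public profile directory.
STARTUP_LNK_RE = re.compile(r'\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$', re.IGNORECASE)
PUBLIC_EXEC_RE = re.compile(r'^C:\\Users\\Public\\.*\.(exe|dll|scr|bat|vbs)$', re.IGNORECASE)


def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def check_event(ev: dict) -> list:
    """Return (rule, image, detail) tuples for every rule the event matches."""
    hits = []
    eid = ev.get('id')
    image = ev.get('image', '')
    if eid == '11':  # file create
        target = ev.get('target', '')
        if STARTUP_LNK_RE.search(target):
            hits.append(('startup_shortcut', image, target))
        if PUBLIC_EXEC_RE.match(target):
            hits.append(('public_dir_executable', image, target))
    elif eid == '1':  # process create
        cmd = ev.get('cmdline', '')
        if image.lower().endswith('\\schtasks.exe') and '/create' in cmd.lower():
            hits.append(('schtasks_create', image, cmd))
    return hits


def detect(lines: Iterable[str]) -> list:
    """Run every rule over every event line and collect the findings."""
    findings = []
    for line in lines:
        findings.extend(check_event(parse_event(line)))
    return findings


def correlated_binaries(findings: list) -> set:
    """Paths dropped into the Public directory that a persistence hit then references,
    either as the process that wrote the shortcut or inside the schtasks command line."""
    dropped = {detail.lower() for rule, _, detail in findings if rule == 'public_dir_executable'}
    referenced = set()
    for rule, image, detail in findings:
        if rule == 'public_dir_executable':
            continue
        for path in dropped:
            if path in detail.lower() or path == image.lower():
                referenced.add(path)
    return referenced


if __name__ == '__main__':
    hits = detect(SAMPLE_EVENTS)
    for rule, image, detail in hits:
        print(f'{rule:24} {image} -> {detail}')
    print('dropped-and-persisted:', correlated_binaries(hits))
```

Each rule on its own is noisy in a real environment (administrators create scheduled tasks, installers write shortcuts), which is why the correlation step matters: the same freshly dropped binary appearing both as the writer of a Startup shortcut and as the target of a new scheduled task is a much stronger signal than either event alone.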
Vulnerable Juniper Networks appliances
Threat intelligence firm VulnCheck has revealed details about a new exploit targeting a recently discovered Junos OS vulnerability (CVE-2023-36845) that affects Juniper's SRX series firewalls and EX series switches. The flaw allows unauthenticated attackers to execute code on vulnerable devices without creating files on the system, posing a significant risk to unpatched Juniper appliances. About 79% of the 3,000 devices analyzed were found to be vulnerable.
Crypto-scammers siphon off $1 million
Malicious actors raked in over $1 million in just three months, according to a report by Sophos. The sophisticated pig butchering scam, which uses fraudulent trading pools in decentralized finance (DeFi) applications, involves impersonating legitimate platforms and persuading victims to invest in these pools. One victim, 'Frank,' lost $22,000 to the scheme after falling for an online dating scam.