Cyber Threat Alert: Sandman Strikes Telecom Providers! 🚨

Sep 25 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like the Welsh lads treated the Aussies last night. With utter disrespect 🏉😳😂

Today’s hottest cybersecurity news stories:

  • ⏳ Enter the ‘Sandman’: malware infects telecom providers in 3 continents 🌎

  • 🕵️ To Catch a Predator: Egyptian ex-MP targeted with ‘Predator’ spyware 🛕

  • 🏨 Hotel hackers redirect guests to fake Booking.com to steal cards 💳

Mr. Sandman, hack me a phone 🎶

Make it the sweetest that I’ve ever known 💀

๐ŸŒ Cyber Threat Alert: Sandman Strikes Telecom Providers! ๐Ÿšจ

๐Ÿ‘€ In a recent revelation, a mysterious threat actor named Sandman has been discovered, launching cyber attacks on telecom providers across the Middle East, Western Europe, and South Asia. ๐Ÿ˜ฑ

๐Ÿ“ก These attacks are stealthy and sophisticated, using a just-in-time compiler called LuaJIT to deploy a new implant named LuaDream. SentinelOne's security researcher Aleksandar Milenkoski says these intrusions involve strategic lateral movement and minimal engagement, indicating a deliberate approach to avoid detection.

๐Ÿ” Although the attacker's identity remains a mystery, evidence suggests a cyber espionage adversary targeting the telecom sector globally. These attacks surfaced in August 2023 and have been ongoing for weeks.

๐Ÿ” LuaDream's unique staging chain makes it hard to detect and analyze. It leverages LuaJIT to execute malicious Lua script code directly into memory. The prep work for this malware dates back to June 2022.

๐Ÿฆ  LuaDream appears to be a variant of a new malware strain known as DreamLand, described by Kaspersky as using Lua scripting language and JIT compiler for malicious code execution.

๐Ÿ›ก๏ธ Lua-based malware is rare, having been seen only three times since 2012. This modular backdoor has anti-debugging capabilities and communicates through various protocols.

๐Ÿ’ป Stay vigilant! Cyber threats like Sandman are ever-evolving, and the telecom sector remains a target.

In related news, Chinese threat actors are launching strategic intrusions in Africa, targeting telecom, finance, and government sectors. ๐ŸŒ

Stay secure, and keep an eye on your digital world! ๐Ÿ‘๏ธ๐ŸŒ

I came across ZZZ money club during the crypto market bull run, when everyone’s a winner; even during the bear market, this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active, and everyone in this private Discord group is very chatty and helpful.

It’s run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group, you can do so through the link below.

I'm Chris Hansen from Dateline NBC. Why don't you have a seat? 👀

🔍 Former Egyptian MP attacked with Predator spyware by own government! 📱

📅 On September 21, 2023, Apple addressed three zero-day vulnerabilities used in an iPhone exploit chain targeting Ahmed Eltantawy, a former Egyptian member of parliament. 😮

🕵️‍♂️ The attack, attributed with high confidence to the Egyptian government, was aimed at Eltantawy after he announced plans to run for President in the 2024 Egyptian elections.

💌 The spyware, known as Predator, was delivered via SMS and WhatsApp links, and also infected Eltantawy's phone when he visited non-HTTPS websites.

🛡️ The exploit chain used three vulnerabilities to bypass security and execute code on the targeted device.

📣 Predator, developed by Cytrox, is similar to NSO Group's Pegasus and is part of the Intellexa Alliance, which was blocklisted by the U.S. government for human rights abuses.

💻 The attack involved a complex network injection, redirecting Eltantawy to malicious sites.

🚨 Google TAG researcher Maddie Stone described it as an adversary-in-the-middle (AitM) attack: because plain HTTP pages are unencrypted, a party on the network path can rewrite them to redirect victims.

📩 Eltantawy received SMS and WhatsApp messages with disguised links that led to spyware installation.

🚫 To stay safe from such attacks, it's crucial to keep devices updated and enable Lockdown Mode on Apple devices.

🌐 This incident highlights the need for encryption and cybersecurity vigilance in the ever-evolving digital landscape.

Stay secure, and watch out for suspicious messages! 👁️📲

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter does the research for you and gets all the latest health tech gadgets delivered to your inbox.

  • ₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3; highly recommended if you want up-to-date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

Book ’em, boys

๐Ÿจ Beware of Sneaky Hotel Booking Scams! ๐Ÿ’ณ

๐Ÿ‘พ Security researchers have uncovered a crafty information-stealing scheme targeting hotels, booking sites, and travel agencies. Here's what you need to know to stay safe! ๐Ÿ˜ฑ

๐Ÿšช The Hackers' Entry: Cybercriminals breach these travel-related systems and then set their sights on customers' financial data.

๐Ÿ’ผ Indirect Approach: To up their success rate, they use a fake Booking.com payment page, making it tricky to spot their tricks.

๐Ÿงฉ Phishing Masterclass: These attacks begin innocently, often involving a reservation query or referencing an existing booking. Then, the criminals create a compelling reason, like a medical condition, to send important documents via a URL.

๐Ÿฆ  Stealthy Malware: The URL leads to sneaky info-stealing malware designed to quietly collect your sensitive data, like credentials and financial info.

๐Ÿ’Œ The Customer Target: After hitting the hotel or agency, the hackers gain access to legit customer messages. Then, they send phishing messages that look just like official requests for credit card verification. These messages are written professionally, making them appear completely genuine.

๐Ÿ›ก๏ธ Top Tips:

  • ๐Ÿšซ Don't click unsolicited links, even if they seem legit.

  • ๐Ÿง Be suspicious of urgent messages demanding immediate action.

  • ๐ŸŒ Check URLs for signs of deception.

  • โœ‰๏ธ To be sure, contact the company directly using official email addresses or phone numbers to verify messages.
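Two of today's stories share one practical check. The Predator chain needed a plain-HTTP page before it could inject a redirect, and the hotel scam works because its payment link only looks like Booking.com. The Python below is an added example, not code from the newsletter or from any of the vendors named in it: a small link-triage helper that pulls URLs out of an unsolicited message and flags the patterns a defender looks for (plain HTTP, a brand name parked in a subdomain or lookalike domain, a bare IP host, punycode labels, credentials before an `@`). The expected-brand list, the sample message and the heuristics are all constructed for this example; a clean result is a hint, not proof of safety.

```python
"""Flag suspicious links in unsolicited booking / payment messages.

Added example (not from the newsletter or any vendor). Heuristics only:
an empty finding list means "nothing obvious", not "safe".
"""
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Brands the hotel / travel workflow legitimately uses. Constructed list;
# a real deployment would load this from policy.
EXPECTED_DOMAINS = {"booking.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Adequate for the .com brands in this
    example; production code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url: str) -> List[str]:
    """Return a list of human-readable findings for one URL (empty = no flags)."""
    findings: List[str] = []
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()

    # Unencrypted transport: an on-path party can rewrite the page (AitM).
    if scheme == "http":
        findings.append("plain HTTP: page can be intercepted and redirected (AitM)")
    elif scheme != "https":
        findings.append(f"unexpected scheme {scheme!r}")

    # "https://booking.com@evil.example/": the part before '@' is userinfo,
    # not the destination host.
    if parts.username or parts.password:
        findings.append("credentials in URL: text before '@' is not the destination host")

    # A bare IP literal is never a brand's customer-facing site.
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address, not a brand domain")
        return findings
    except ValueError:
        pass

    # Punycode / non-ASCII labels are where homoglyph lookalikes hide.
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        findings.append("internationalized/punycode label: possible homoglyph lookalike")

    reg = registrable_domain(host)
    if reg in EXPECTED_DOMAINS:
        return findings  # genuinely the expected site (transport issues aside)

    for brand in EXPECTED_DOMAINS:
        brand_name = brand.split(".")[0]  # "booking"
        if brand in host:
            # e.g. booking.com.secure-pay.example: brand is only a subdomain
            findings.append(f"'{brand}' appears as a subdomain of '{reg}', not as the site itself")
        elif brand_name in reg.replace("-", ""):
            # e.g. booking-verification.example: different registered domain
            findings.append(f"'{reg}' resembles '{brand}' but is a different registered domain")
    return findings


def triage_message(text: str) -> Dict[str, List[str]]:
    """Map every URL found in a message to its findings."""
    return {url: assess_url(url) for url in URL_RE.findall(text)}


# Constructed sample, modelled on the card-verification lure described above.
SAMPLE_MESSAGE = (
    "Dear guest, to keep your reservation please verify your card at "
    "https://booking.com.secure-pay.example/verify within 24 hours."
)

if __name__ == "__main__":
    for url, findings in triage_message(SAMPLE_MESSAGE).items():
        print(url)
        for f in findings:
            print("  -", f)
```

Run it against a pasted message and read the findings as reasons to use the fourth tip above (contact the company through its official channels) rather than as a verdict; the helper deliberately does no network lookups, so it is safe to run on links you do not trust.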

Stay savvy and outsmart those cyber tricksters! 🌟

So long and thanks for reading all the phish!
