Cybersecurity Alert: Sapphire Sleet Unleashes New Tactics! ๐Ÿšจ

Nov 13 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that battles more cybercrime than the UK battles storms. #Babet #Ciaran #Debi ๐Ÿ™„๐Ÿ˜ณ๐Ÿ˜ฉ Geez do we have to name Every. Single. One? ๐Ÿ™ƒ #ClimateCrisis ๐Ÿค“

Todayโ€™s hottest cybersecurity news

  • โš ๏ธ Job seekers beware! โ€˜Sapphire Sleetโ€™ fakes skills assessment portals ๐Ÿ‘จโ€๐Ÿ’ป

  • ๐Ÿ‰ Enter the Sandworm! Russian hackers cause Ukrainian power outage โšก

  • ๐Ÿˆ Meow! Iranian โ€˜Imperial Kittenโ€™ hackers target Middle Eastern tech ๐Ÿ“ก

โ€œYouโ€™re Sapphired!โ€ ๐Ÿ‘‰๐Ÿ•ด๏ธ๐Ÿ˜‚ #TheApprentice

 

giphy.com

 

๐Ÿšจ Cybersecurity Alert: Sapphire Sleet Unleashes New Tactics! ๐Ÿšจ

๐ŸŒ Brace yourselves for a cybersecurity showdown! The notorious Lazarus Group’s sub-cluster, Sapphire Sleet, has upped the ante by deploying a fresh strategy.

They’ve established deceptive skills assessment portals, a clever ploy in their latest social engineering campaigns. This shift in tactics, as identified by Microsoft, demands our attention. ๐Ÿ•ต๏ธโ€โ™‚๏ธ

๐ŸฆŽ Karma, karma, karma, karma, karma chameleon ๐Ÿ‘€

๐Ÿ‘พ Operating under aliases such as APT38, BlueNoroff, CageyChameleon, and CryptoCore, Sapphire Sleet specialises in cryptocurrency theft through cunning social engineering tactics. Their track record speaks volumes. ๐Ÿ›ก๏ธ

๐Ÿ Recent findings by Jamf Threat Labs uncovered a connection between Sapphire Sleet and a new macOS malware named ObjCShellz. This malware acts as a late-stage payload, working hand-in-hand with another macOS threat, RustBucket.

๐Ÿ˜ก Bloody jobsworths! ๐Ÿค“

๐Ÿ’ผ Targeting prominent professional platforms like LinkedIn, Sapphire Sleet baits victims with promises of skills assessment. Microsoft’s Threat Intelligence team revealed that successful communications are discreetly moved to other platforms, complicating detection efforts.

๐Ÿ” In a bid to outsmart cybersecurity measures, Sapphire Sleet has expanded its network of malicious websites. Recruiters are lured into registering on these sites, which are cunningly password-protected to impede analysis.

๐Ÿšซ Stay vigilant! Exercise caution with unsolicited communications and dubious skills assessment portals. Keep your cybersecurity shields up, and let’s stay one step ahead of Sapphire Sleet! ๐Ÿ’ป๐Ÿ›ก๏ธ

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

The early nerd catches the Sandworm ๐Ÿ™ƒ๐Ÿ˜๐Ÿ˜‚

 

giphy.com

 

๐Ÿš€ Sandworm’s Cyber Siege on Ukraine! Power Grid Hit in Multi-Event Attack! โšก

Last year, the notorious Russian hacking group, Sandworm, aimed its digital arsenal at a critical Ukrainian electrical substation, resulting in a significant power outage in October 2022. ๐Ÿ’ป

Revelations by Google’s Mandiant describe the assault as a “multi-event cyber attack,” with Sandworm employing innovative techniques to manipulate industrial control systems (ICS). The initial strike used OT-level living-off-the-land (LotL) methods, coinciding with widespread missile strikes on Ukraine’s critical infrastructure. ๐Ÿ˜ฑ๐Ÿ’ก

๐ŸŽธ Enter Sandworm ๐Ÿค˜

In a cunning follow-up, Sandworm unleashed chaos by deploying a new variant of CaddyWiper in the victim’s IT environment, adding a layer of complexity to the attack. ๐ŸŒ€๐Ÿ’ฅ

Crucial details like the location, duration of the blackout, and the number affected remain shrouded in secrecy. Sandworm’s disruptive history in Ukraine’s power grid traces back to 2015, employing malware such as Industroyer. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”Œ

๐ŸŽถ Letโ€™s get cyber-physical, physical ๐Ÿ’€

While the initial vector for the cyber-physical assault remains unclear, the intrusion likely occurred around June 2022. Sandworm infiltrated the operational technology (OT) environment through a hypervisor housing supervisory control and data acquisition (SCADA) management.

On October 10, 2022, an optical disc loaded with malware triggered an unscheduled power outage. โšก๐Ÿ“€

This alarming attack coincided with a series of missile strikes, underscoring Sandworm’s immediate threat to Ukrainian critical infrastructure. Mandiant urgently calls on global asset owners utilising MicroSCADA products to fortify defences against Sandworm’s evolving tactics. ๐Ÿ›ก๏ธ๐ŸŒ

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Theyโ€™re after the whole Kitten and kaboodleโ€ฆ of Middle Eastern tech ๐Ÿ˜

๐ŸŒ Cybersecurity Alert: Iranian-Linked Group Strikes in the Middle East! ๐Ÿšจ

In October 2023, a group tied to Iran intensified cyber attacks on transportation, logistics, and technology sectors in the Middle East, including Israel, amid heightened cyber activity since the Israel-Hamas war onset. ๐Ÿ’ป

Attributed by CrowdStrike to threat actor Imperial Kitten (aka Crimson Sandstorm, TA456, Tortoiseshell, Yellow Liderc), the attacks, ongoing since 2017, fulfil Iranian strategic intelligence needs linked to IRGC operations. Social engineering, job recruitment-themed content, and custom .NET-based implants characterise their modus operandi.

๐ŸŽฃ Iranโ€™s Gone Phishing ๐Ÿ‘€

Attack chains utilise compromised Israeli-related websites for profiling visitors using bespoke JavaScript. Tactics include watering hole attacks, one-day exploits, stolen credentials, phishing, and targeting IT service providers. ๐ŸŒ๐ŸŽฃ

Phishing campaigns leverage macro-laced Excel docs to deploy a Python-based reverse shell, while post-exploitation involves lateral movement via tools like PAExec and NetScan.

๐Ÿ€ I smell a RAT ๐Ÿ‘€

Remote access trojans (RATs) use Discord for command-and-control, with malware like IMAPLoader persisting as a Windows Service named Keyboard Service.

Microsoft notes Iranian cyber activity post-war as reactive and opportunistic, emphasising propaganda efforts. In parallel, revelations reveal a Hamas-affiliated threat actor, Arid Viper, targeting Arabic speakers with Android spyware SpyC23.

Stay vigilant against evolving cyber threats, folks! ๐Ÿ›ก๏ธ๐Ÿ’ป Until next time โœŒ๏ธ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles