Cybersecurity Alert: Sapphire Sleet Unleashes New Tactics!

Nov 13 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that battles more cybercrime than the UK battles storms. #Babet #Ciaran #Debi Geez do we have to name Every. Single. One? #ClimateCrisis

Today’s hottest cybersecurity news

  • ⚠️ Job seekers beware! ‘Sapphire Sleet’ fakes skills assessment portals

  • Enter the Sandworm! Russian hackers cause Ukrainian power outage ⚡

  • Meow! Iranian ‘Imperial Kitten’ hackers target Middle Eastern tech

“You’re Sapphired!” #TheApprentice

 


 

Cybersecurity Alert: Sapphire Sleet Unleashes New Tactics!

Brace yourselves for a cybersecurity showdown! The notorious Lazarus Group’s sub-cluster, Sapphire Sleet, has upped the ante by deploying a fresh strategy.

They’ve established deceptive skills assessment portals, a clever ploy in their latest social engineering campaigns. This shift in tactics, as identified by Microsoft, demands our attention.

Karma, karma, karma, karma, karma chameleon

Operating under aliases such as APT38, BlueNoroff, CageyChameleon, and CryptoCore, Sapphire Sleet specialises in cryptocurrency theft through cunning social engineering tactics. Their track record speaks volumes.

Recent findings by Jamf Threat Labs uncovered a connection between Sapphire Sleet and a new macOS malware named ObjCShellz. This malware acts as a late-stage payload, working hand-in-hand with another macOS threat, RustBucket.

Bloody jobsworths!

Targeting prominent professional platforms like LinkedIn, Sapphire Sleet baits victims with promises of skills assessment. Microsoft’s Threat Intelligence team revealed that successful communications are discreetly moved to other platforms, complicating detection efforts.

In a bid to outsmart cybersecurity measures, Sapphire Sleet has expanded its network of malicious websites. Recruiters are lured into registering on these sites, which are cunningly password-protected to impede analysis.

Stay vigilant! Exercise caution with unsolicited communications and dubious skills assessment portals. Keep your cybersecurity shields up, and let’s stay one step ahead of Sapphire Sleet!

 


The early nerd catches the Sandworm

 


 

Sandworm’s Cyber Siege on Ukraine! Power Grid Hit in Multi-Event Attack! ⚡

Last year, the notorious Russian hacking group, Sandworm, aimed its digital arsenal at a critical Ukrainian electrical substation, resulting in a significant power outage in October 2022.

Revelations by Google’s Mandiant describe the assault as a “multi-event cyber attack,” with Sandworm employing innovative techniques to manipulate industrial control systems (ICS). The initial strike used OT-level living-off-the-land (LotL) methods, coinciding with widespread missile strikes on Ukraine’s critical infrastructure.

Enter Sandworm

In a cunning follow-up, Sandworm unleashed chaos by deploying a new variant of CaddyWiper in the victim’s IT environment, adding a layer of complexity to the attack.

Crucial details like the location, duration of the blackout, and the number affected remain shrouded in secrecy. Sandworm’s disruptive history in Ukraine’s power grid traces back to 2015, employing malware such as Industroyer.

Let’s get cyber-physical, physical

While the initial vector for the cyber-physical assault remains unclear, the intrusion likely occurred around June 2022. Sandworm infiltrated the operational technology (OT) environment through a hypervisor housing supervisory control and data acquisition (SCADA) management.

On October 10, 2022, an optical disc loaded with malware triggered an unscheduled power outage. ⚡

This alarming attack coincided with a series of missile strikes, underscoring Sandworm’s immediate threat to Ukrainian critical infrastructure. Mandiant urgently calls on global asset owners utilising MicroSCADA products to fortify defences against Sandworm’s evolving tactics.


They’re after the whole Kitten and kaboodle… of Middle Eastern tech

Cybersecurity Alert: Iranian-Linked Group Strikes in the Middle East!

In October 2023, a group tied to Iran intensified cyber attacks on transportation, logistics, and technology sectors in the Middle East, including Israel, amid heightened cyber activity since the onset of the Israel-Hamas war.

Attributed by CrowdStrike to threat actor Imperial Kitten (aka Crimson Sandstorm, TA456, Tortoiseshell, Yellow Liderc), the attacks, ongoing since 2017, fulfil Iranian strategic intelligence needs linked to IRGC operations. Social engineering, job recruitment-themed content, and custom .NET-based implants characterise their modus operandi.

Iran’s Gone Phishing

Attack chains utilise compromised Israeli-related websites for profiling visitors using bespoke JavaScript. Tactics include watering hole attacks, one-day exploits, stolen credentials, phishing, and targeting IT service providers.

Phishing campaigns leverage macro-laced Excel docs to deploy a Python-based reverse shell, while post-exploitation involves lateral movement via tools like PAExec and NetScan.

I smell a RAT

Remote access trojans (RATs) use Discord for command-and-control, with malware like IMAPLoader persisting as a Windows Service named Keyboard Service.

Microsoft notes Iranian cyber activity post-war as reactive and opportunistic, emphasising propaganda efforts. In parallel, a Hamas-affiliated threat actor, Arid Viper, has been revealed to be targeting Arabic speakers with the Android spyware SpyC23.

Stay vigilant against evolving cyber threats, folks! Until next time ✌️


So long and thanks for reading all the phish!
