Fake reporters from APT42 harvest credentials

May 09 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s gotta catch ‘em all! 🐣🐲👾

Today’s hottest cybersecurity news stories:

  • 📰 Jour-no, thanks! Fake reporters from APT42 harvest credentials 👨‍🌾

  • 🔮 Can you guess who it is yet? Tonight, Matthew, I am Dmitry Khoroshev 🕵🏻‍♂️

  • 🎃 Bleepy Hollow… Hijack loader employs process ‘hollowing’, UAC bypass 🚧

Hackers: I’m in the APT, yeah you know me! 🎤📀🔥

🚨 Iranian Hackers Targeting NGOs and Media Outlets! 🕵️‍♂️

In a recent report by Mandiant, it's been revealed that APT42, a notorious Iranian hacking group, is up to their old tricks again. This time, they're using advanced social engineering schemes to breach target networks and cloud environments. 😱

Who's in the Crosshairs? 🎯

Targets of these cyberattacks include Western and Middle Eastern NGOs, media organisations, academia, legal services, and activists. APT42 is cleverly posing as journalists and event organisers to build trust with their victims, delivering invitations to conferences or legit documents in the process. 📰✉️

What's the Game Plan? 🤔

Once they've gained a victim's trust, APT42 harvests credentials to sneak into cloud environments. From there, they covertly snatch sensitive data and exfiltrate it back to Iran. 😈 But here's the kicker: they're doing it all while flying under the radar using built-in features and open-source tools. 🕵️‍♂️🔒

APT42 Unmasked! 🎭

First identified in September 2022, APT42 is affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). They're a subset of another notorious group, APT35. While APT35 focuses on long-term, malware-heavy operations, APT42 zeroes in on specific individuals and organisations to serve Iran's domestic and foreign interests. 🌍🔓

Stay Vigilant, Stay Safe! 🛡️

As APT42's cyber espionage campaigns evolve, it's crucial to stay one step ahead. Watch out for phishing emails and suspicious links, and always beef up your cybersecurity defences. Together, we can keep our networks secure! 💪

They done him Dmitry 💀💀💀 Tbf, he was chomping at the LockBit 😬

🚨 UK NCA Busts LockBit Ransomware Mastermind! 💣

In a stunning turn of events, the UK National Crime Agency (NCA) has unveiled the face behind the notorious LockBit ransomware operation. Meet Dmitry Yuryevich Khoroshev, a 31-year-old Russian national who's been wreaking havoc in the digital realm. 😱🕵️‍♂️

The Man, The Myth 🎭

Khoroshev, also known as LockBitSupp and putinkrab, has been slapped with sanctions from the U.K., U.S., and Australia for his nefarious deeds. With over 2,500 decryption keys in hand, authorities are reaching out to LockBit victims to offer support and bring justice to those affected. 🔐💰

Charges Galore! ⚖️

The Department of Justice (DoJ) has dropped a whopping 26 charges on Khoroshev, including conspiracy to commit fraud, extortion, and intentional damage to protected computers. If convicted, he could be staring down the barrel of a 185-year prison sentence. 😱💼

The LockBit Legacy 🌍

LockBit, once a titan in the ransomware underworld, has been dismantled thanks to a coordinated operation dubbed Cronos. Despite attempts to resurface, their global threat has been significantly diminished, with only 69 active affiliates remaining. Victory for cyber defenders everywhere! 🛡️🎉

🎣 Catch of the Day!! 🌊🐟🦞

Stay ahead of the curve with Presspool.ai! 🚀 Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." 🤓💡 That’s us, alright! 🤵 How about you? Visionary AI executive, much? 👀

And if the newsletter gets your motor running then you can take a butchers at their cool AI marketing product too which is sure to help you make the most of our new artificial overlords and put them to work for your business 🤖👩‍💻🌐

Rest assured, the process is very straightforward.

You simply:

🆕 Sign Up & Create Campaign

📊 Define your audience, budget, and message to captivate your audience.

🚀 Launch your campaign, as Presspool’s AI matches it with ideal newsletter audiences for optimal reach and conversions. 🎯

🕵️ Finally, you leverage real-time analytics to track performance and refine future strategies. 📈 Elevate your marketing game and stay informed with Presspool.ai! 🌟 Simples! 🦦

Presspool.ai 📰🏊🤖 may just have what you need to succeed. And if the product isn’t for you, the newsletter alone is a gamechanger. And we know newsletters 😉

Hijack? Bye Jack! 🙃

🚨 Hijack Loader Malware Evolves with Stealthier Tactics! 🛡️

A revamped version of the notorious malware loader, Hijack Loader, is making waves with its upgraded stealth capabilities. According to Zscaler ThreatLabz researcher Muhammed Irfan V A, this latest iteration boasts enhanced anti-analysis tricks to slip past detection systems unnoticed. 🕵️‍♂️🔒

A Closer Look at Hijack Loader: 🦠

Originally dubbed IDAT Loader, Hijack Loader first emerged on the cyber scene back in September 2023. Since then, it's been the go-to conduit for various malware families, including Amadey, Lumma Stealer, and Remcos RAT, among others. 😱💻

PNG Decryption Technique Unveiled! 🖼️

What sets this new version apart is its ingenious use of a PNG image to decrypt and load the next-stage payload. This technique, first documented by Morphisec, adds another layer of complexity to the malware's operation, making it even trickier to detect. 🎨🔓

The Arms Race Continues! 💥

As cyber threats evolve, so too must our defences. With malware campaigns on the rise, it's crucial to stay vigilant against emerging threats like Hijack Loader. But fear not! Together, we can outsmart even the most cunning cyber adversaries. 🛡️🌐

Stay tuned for more updates as the cybersecurity saga unfolds! 💻🔒

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
