Industries affected by underground Telegram networks

Aug 04 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that guts cybercrime like Elon gutted Twitter #eXed

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! Check out these just freshly hatched patches!! 🩹🩹🩹

🔒 WordPress Ninja Forms Plugin Vulnerabilities Alert! 🔒

🚨 Multiple security flaws found in the Ninja Forms plugin for WordPress (versions 3.6.25 and below) could lead to privilege escalation and data theft. Over 800,000 sites are affected. 🚨

🔓 The vulnerabilities (CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393) include a reflected cross-site scripting (XSS) issue and broken access control flaws, potentially exploited by unauthenticated users to gain privileges or export sensitive data.

🛡️ To safeguard your site, update to Ninja Forms version 3.6.26. Stay protected from potential threats! 🛡️

Now on to today’s hottest cyber security stories:

  • 🏭 Top industries significantly affected by underground Telegram networks 🌐

  • ☁️ Iranian ‘Cloudzy’ accused of aiding cybercriminals, state-backed hackers 💀

  • 📙 New ‘WikiLoader’ malware used to install ‘Ursnif’ trojan 🐎

TeleSCAM 😳

📢🕵️‍♀️ Illicit Activities on Telegram: Impact on Industries 📢🕵️‍♀️

The rise of illicit activities within online messaging platforms, especially Telegram, is a growing concern for various industries. Criminals find Telegram attractive due to its accessibility, popularity, and user anonymity, leading to an increase in cyberattacks and data leaks worldwide. 📈💻🌍

🛡️ Common Illicit Activities on Telegram 🛡️

Telegram's popularity has given rise to various illicit channels and communities engaging in illegal activities:

  • Carding: Criminals steal credit card information through phishing, skimming, and data breaches, selling it on Telegram channels for profit. Collaboration among criminals amplifies the impact. 💳🧠💰

  • Bank Account Logins (bank logs): Stolen bank account details are traded on Telegram, offering high payouts and low risk for criminals. Data can come from phishing attacks or data breaches, including logins for digital payment apps and online services. 🏦🔐💸

  • Botnets: Malicious botnets, networks of compromised devices controlled by a central server, are used for illegal purposes. Criminals find Telegram convenient for sharing and selling botnets, expanding their reach and attack vectors. 🤖🕸️🌐

🚀 Top Industries Impacted 🚀

While any industry can fall victim to these activities, some are particularly affected:

  • Financial Sector: Credit card fraud and bank logins jeopardize financial institutions and their customers. 💼💳💻

  • E-commerce: Data breaches and stolen credentials impact online shopping and digital transactions. 🛍️💻🔐

  • Entertainment: Streaming platforms and digital content providers face piracy and data breaches. 🎥🔒💽

🔒 Minimising Impact on Organizations 🔒

To safeguard against these threats:

  • Implement robust cybersecurity measures and stay updated on the latest threats. 🛡️🔒🔍

  • Educate employees about phishing and other social engineering tactics. 📚🎓

  • Monitor and report suspicious activities on Telegram and other communication platforms. 📞🚨

  • Collaborate with law enforcement to combat cybercrime. 👥👮‍♂️

Stay vigilant and protect your business from the growing challenges of online threats! 🚀👀

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Step aside, Stormzy 😂

🌐🤖 Cloudzy: Obscure Iranian Company Facilitating Cybercrime 🌐🤖

The Iranian company Cloudzy is enabling multiple threat actors, including cybercrime groups and nation-state crews, by offering services that act as a command-and-control provider (C2P).

Though incorporated in the U.S., Cloudzy is believed to operate from Tehran, potentially violating U.S. sanctions. 👥💼💻

Texas-based cybersecurity firm Halcyon reported that Cloudzy provides attackers with Remote Desktop Protocol (RDP) virtual private servers and other anonymized services used in cybercriminal endeavours, including ransomware attacks.

The C2P model allows them to avoid liability for illegal operations performed through their infrastructure. 🚫🛡️

This highlights the evolving ransomware-as-a-service (RaaS) business model, involving core developers, affiliates carrying out attacks for a cut, and initial access brokers selling exploited vulnerabilities or stolen credentials to affiliates.

The rise of C2P providers signifies a new set of actors unknowingly supporting cybercrime activities. 🕵️‍♂️💰

As the cyber threat landscape evolves, businesses and organisations must stay vigilant against these clandestine facilitators and strengthen their cybersecurity defences. 🛡️🔒 Stay informed to protect your data and networks! 📚🔍

🗞️ Extra, Extra! Read all about it 🗞️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

💸 The MoneyFitt Morning: A daily heads-up on what's important in investing & business. Loved by investors of all levels.

📈 Trends.vc: Discover new markets and ideas. Join 55,248 founders using this free newsletter to stay ahead.

😈 The API Hacker Inner Circle: Join a community of developers, testers, and hackers who are upskilling their API hacking tradecraft

Let us know what you think!

Don’t get Ursniffed out! 👃

🔍🦠 WikiLoader Malware: A Growing Threat in the Wild 🔍🦠

📢 Proofpoint researchers have identified a new malware called WikiLoader, actively spreading in the wild. The name originates from its tactic of making requests to Wikipedia to stay undetected during the infection process. 🕵️‍♂️🌐

📈 Key Findings 📈

WikiLoader has targeted at least eight Italian organisations since December 2022.

The malware is delivered through email campaigns with Microsoft Excel, Microsoft OneNote, or PDF attachments, leading to the download of Ursnif as a follow-on payload.

It has been associated with both TA544 APT and TA551 APT, suggesting multiple threat actors are using it.

🔍 Variants of WikiLoader 🔍

Three versions of WikiLoader have been identified, indicating active development.

The first version, attributed to TA544, used limited APIs and no string encoding within Shellcode layers.

The second version, observed on February 8, 2023, employed more complex structures and stalling mechanisms to evade analysis.

The third version, discovered on July 11, 2023, targeted various organisations and used zipped JavaScript files with additional modules for compromising web hosts and exfiltrating host information.

⚠️ Stay Vigilant and Safe ⚠️

As WikiLoader's usage by different threat actors evolves, it may become a tool for delivering more malware payloads in the future, potentially affecting organisations as Initial Access Brokers (IABs). 🛡️🌐

Network defenders must use Indicators of Compromise (IOCs) to understand current attack patterns and enhance defence strategies against this emerging threat. 🛡️🔍

Stay informed and protected! 😊👍

Thanks for reading ladies and gents and have a good weekend!!

So long and thanks for reading all the phish!

Cyber Dawgs top picks from the week, he's your Dawg, he got you.

MONDAY: Call of Duty players hacked

TUESDAY: Fruity trojan hack

WEDNESDAY: Space pirates on the loose

THURSDAY: Watch your tempur

footer graphic cyber security newsletter

Recent articles