May 24 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that pulls no punches… Unlike Tyson Fury
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Ivanti Urges Immediate Updates to Fix Critical Security Flaws!
Ivanti has released crucial patches for multiple critical vulnerabilities in Endpoint Manager (EPM) that could lead to remote code execution. Six of these flaws (CVE-2024-29822 to CVE-2024-29827, CVSS 9.6) involve SQL injection vulnerabilities allowing unauthenticated attackers on the same network to execute arbitrary code. The other four (CVE-2024-29828 to CVE-2024-29830, CVE-2024-29846, CVSS 8.4) require the attacker to be authenticated.
Additionally, a high-severity flaw in Avalanche version 6.4.3.602 (CVE-2024-29848, CVSS 7.2) has been patched, preventing remote code execution via a specially crafted file upload. Other fixes include vulnerabilities in Neurons for ITSM, Connect Secure, and the Secure Access client for Windows and Linux.
Ivanti emphasises that there is no evidence these flaws have been exploited in the wild. Users are strongly advised to update to the latest versions immediately to protect their systems.
Now, on to today’s hottest cybersecurity news stories:
Chinese espionage group targets Africa & Caribbean govts
Diplomatic Specter is the new Chinese APT on the prowl
Indian elections hounded by cybercriminals w/ influence
Chinese cyber espionage group Sharp Panda, now dubbed Sharp Dragon, is expanding its operations to target governmental organisations in Africa and the Caribbean. Known for its strategic attacks, Sharp Dragon employs Cobalt Strike Beacon to ensure stealthy communication and command execution.
Sophisticated Tactics
First detected in June 2021, Sharp Dragon initially targeted Southeast Asian governments. Recent attacks reveal a shift towards Africa and the Caribbean, leveraging high-profile compromised email accounts to spread phishing emails.
Cutting-Edge Tools
The group uses advanced tools like the Royal Road RTF weaponizer and Cobalt Strike Beacon, minimising exposure of custom tools. This approach suggests a refined understanding of their targets.
Global Reach
The expansion aligns with China's broader technological and soft power agenda. The latest attacks highlight a continued focus on infiltrating key sectors such as telecom and finance, echoing China’s Digital Silk Road initiative.
Persistent Threat
Sharp Dragon's operations are part of a larger trend of Chinese cyber actors targeting critical infrastructure worldwide. These efforts are part of a sophisticated and evolving strategy to maintain global influence.
Stay vigilant and informed about the latest in cyber threats!
Government entities in the Middle East, Africa, and Asia are under attack from a Chinese APT group in a campaign known as Operation Diplomatic Specter, ongoing since late 2022.
Massive Espionage Campaign
Palo Alto Networks' Unit 42 uncovered long-term espionage efforts targeting at least seven government entities. This group, now dubbed TGR-STA-0043, is believed to be acting on behalf of Chinese state interests, targeting diplomatic missions, embassies, military operations, and high-ranking officials.
Sophisticated Techniques
The APT group employs rare email exfiltration techniques and credential theft, using tools like Ntospy for stealing credentials. They leverage backdoors such as TunnelSpecter and SweetSpecter, variants of the infamous Gh0st RAT, to maintain stealthy access and exfiltrate data.
Persistent and Stealthy
The attackers use DNS tunnelling and search compromised mail servers for sensitive information. They exploit Exchange server flaws like ProxyLogon and ProxyShell to gain initial access, repeatedly trying to regain entry if detected.
Strategic Objectives
The group's activities align with China’s strategic goals, focusing on military, diplomatic, and foreign affairs information. Their use of tools and infrastructure linked to other Chinese APT groups like APT27 and Mustang Panda underscores their sophisticated approach.
Stay vigilant and protect your networks against these persistent threats!
Stay ahead of the curve with Presspool.ai! Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." That’s us, alright! How about you? Visionary AI executive, much?
And if the newsletter gets your motor running then you can take a butcher’s at their cool AI marketing product too, which is sure to help you make the most of our new artificial overlords and put them to work for your business.
Rest assured, the process is very straightforward.
You simply:
π Sign Up & Create Campaign
π Define your audience, budget, and message to captivate your audience.
π Launch your campaign, as Presspoolβs AI matches it with ideal newsletter audiences for optimal reach and conversions. π―
π΅οΈ Finally, you leverage real-time analytics to track performance and refine future strategies. π Elevate your marketing game and stay informed with Presspool.ai! π Simples! π¦¦
Presspool.aiΒ π°ππ€ may just have what you need to succeed. And if the product isnβt for you, the newsletter alone is a gamechanger. And we know newsletters π
Resecurity warns of a surge in cyber activity targeting India’s elections, orchestrated by multiple hacktivist groups. These groups are launching cyber-attacks and leaking stolen personal information on the Dark Web.
Election Under Attack
With elections from 19 April to 1 June 2024, India's vast population and significant GDP make it a prime target. Hacktivist groups are aiming to sway public opinion and undermine trust in the democratic process through influence campaigns, website defacements, and data leaks.
Hacktivist Groups Involved
Around 16 groups, including Anon Black Flag Indonesia and Anonymous Bangladesh, are targeting various sectors in India. They exploit geopolitical narratives and recent elections to attack law enforcement, government, healthcare, and more.
Stolen Data on Dark Web
Groups like Ahadun-Ahad 2.0 Team have published Indian Voter ID cards on Telegram. Data, including AADHAAR and PAN details, is being used to spread misinformation and sold on the dark web. Malware such as Nexus and Redline is used to steal sensitive information, creating the illusion of vulnerable election systems.
Manipulation Campaigns
Public opinion manipulation tactics target Indian government leaders, aiming to create social conflict. False flag operations by these groups are designed to blur attribution and sow discord.
Stay Informed and Secure
Resecurity urges Indian citizens to remain vigilant and not react to unreliable sources. Increased cybersecurity awareness is crucial to protect against these ongoing threats.
ποΈ Extra, Extra! Read all about it! ποΈ
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
π‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday π
π΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for π
πΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πΎ
Let us know what you think.
So long and thanks for reading all the phish!