Sharp Panda Expands Targets

May 24 2024

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that pulls no punches… Unlike Tyson Fury πŸ₯ŠπŸ₯ŠπŸ₯Š

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Ivanti fix your flaw! πŸ‘πŸ‘πŸ‘

🚨 Ivanti Urges Immediate Updates to Fix Critical Security Flaws! πŸ”’

Ivanti has released crucial patches for multiple critical vulnerabilities in Endpoint Manager (EPM) that could lead to remote code execution. πŸ›‘οΈ Six of these flaws (CVE-2024-29822 to CVE-2024-29827, CVSS 9.6) involve SQL injection vulnerabilities allowing unauthenticated attackers on the same network to execute arbitrary code. The other four (CVE-2024-29828 to CVE-2024-29830, CVE-2024-29846, CVSS 8.4) require the attacker to be authenticated.

Additionally, a high-severity flaw in Avalanche version 6.4.3.602 (CVE-2024-29848, CVSS 7.2) has been patched, preventing remote code execution via a specially crafted file upload. Other fixes include vulnerabilities in Neurons for ITSM, Connect Secure, and the Secure Access client for Windows and Linux.

Ivanti emphasises that there is no evidence these flaws have been exploited in the wild. Users are strongly advised to update to the latest versions immediately to protect their systems. πŸ› οΈ

Now, on to today’s hottest cybersecurity news stories:

  • πŸ•΅οΈ Chinese espionage group targets Africa & Caribbean govts 🎯

  • πŸ‘¨β€πŸ’» Diplomatic Specter is the new Chinese APT on the prowl πŸ†πŸ†

  • πŸ•Œ Indian elections hounded by cybercriminals w/ influence πŸ“£

Taking to the Chinese Godfather; he made me an offer I couldn’t understand πŸ˜‚πŸ˜‚πŸ˜‚

🚨 Sharp Panda Expands Targets! 🌍

Chinese cyber espionage group Sharp Panda, now dubbed Sharp Dragon, is expanding its operations to target governmental organisations in Africa and the Caribbean. Known for its strategic attacks, Sharp Dragon employs Cobalt Strike Beacon to ensure stealthy communication and command execution.

Sophisticated Tactics 🎯

First detected in June 2021, Sharp Dragon initially targeted Southeast Asian governments. Recent attacks reveal a shift towards Africa and the Caribbean, leveraging high-profile compromised email accounts to spread phishing emails.

Cutting-Edge Tools πŸ› οΈ

The group uses advanced tools like the Royal Road RTF weaponizer and Cobalt Strike Beacon, minimising exposure of custom tools. This approach suggests a refined understanding of their targets.

Global Reach 🌐

The expansion aligns with China's broader technological and soft power agenda. The latest attacks highlight a continued focus on infiltrating key sectors such as telecom and finance, echoing China’s Digital Silk Road initiative.

Persistent Threat πŸš€

Sharp Dragon's operations are part of a larger trend of Chinese cyber actors targeting critical infrastructure worldwide. These efforts are part of a sophisticated and evolving strategy to maintain global influence.

Stay vigilant and informed about the latest in cyber threats! πŸ”’πŸ’‘

Tinker Tailor Diplomatic Specter πŸ•΅οΈπŸ•΅οΈπŸ•΅οΈ

🚨 Operation Diplomatic Specter Targets Governments! 🌍

Government entities in the Middle East, Africa, and Asia are under attack from a Chinese APT group in a campaign known as Operation Diplomatic Specter, ongoing since late 2022.

Massive Espionage Campaign πŸ•΅οΈβ€β™‚οΈ

Palo Alto Networks' Unit 42 uncovered long-term espionage efforts targeting at least seven government entities. This group, now dubbed TGR-STA-0043, is believed to be acting on behalf of Chinese state interests, targeting diplomatic missions, embassies, military operations, and high-ranking officials.

Sophisticated Techniques πŸ› οΈ

The APT group employs rare email exfiltration techniques and credential theft, using tools like Ntospy for stealing credentials. They leverage backdoors such as TunnelSpecter and SweetSpecter, variants of the infamous Gh0st RAT, to maintain stealthy access and exfiltrate data.

Persistent and Stealthy 🎯

The attackers use DNS tunnelling and search compromised mail servers for sensitive information. They exploit Exchange server flaws like ProxyLogon and ProxyShell to gain initial access, repeatedly trying to regain entry if detected.

Strategic Objectives 🌐

The group's activities align with China’s strategic goals, focusing on military, diplomatic, and foreign affairs information. Their use of tools and infrastructure linked to other Chinese APT groups like APT27 and Mustang Panda underscores their sophisticated approach.

Stay vigilant and protect your networks against these persistent threats! πŸ”’πŸ’‘

🎣 Catch of the Day!! 🌊🐟🦞

Stay ahead of the curve with Presspool.ai! πŸš€ Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." πŸ€“πŸ’‘ That’s us, alright! 🀡 How about you? Visionary AI executive, much? πŸ‘€

And if the newsletter gets your motor running then you can take a butchers at their cool AI marketing product too which is sure to help you make the most of our new artificial overlords and put them to work for your business πŸ€–πŸ‘©β€πŸ’»πŸŒ

Rest assured, the process is very straightforward.

You simply:

πŸ†• Sign Up & Create Campaign

πŸ“Š Define your audience, budget, and message to captivate your audience.

πŸš€ Launch your campaign, as Presspool’s AI matches it with ideal newsletter audiences for optimal reach and conversions. 🎯

πŸ•΅οΈ Finally, you leverage real-time analytics to track performance and refine future strategies. πŸ“ˆ Elevate your marketing game and stay informed with Presspool.ai! 🌟 Simples! 🦦

Presspool.aiΒ πŸ“°πŸŠπŸ€– may just have what you need to succeed. And if the product isn’t for you, the newsletter alone is a gamechanger. And we know newsletters πŸ˜‰

It’s an Indian summer for cybercrime πŸ’€πŸ’€πŸ’€

🚨 Cyber Threats Target Indian Elections! πŸ•Œ

Resecurity warns of a surge in cyber activity targeting India’s elections, orchestrated by multiple hacktivist groups. These groups are launching cyber-attacks and leaking stolen personal information on the Dark Web.

Election Under Attack πŸ—³οΈ

With elections from 19 April to 1 June 2024, India's vast population and significant GDP make it a prime target. Hacktivist groups are aiming to sway public opinion and undermine trust in the democratic process through influence campaigns, website defacements, and data leaks.

Hacktivist Groups Involved πŸ•΅οΈβ€β™‚οΈ

Around 16 groups, including Anon Black Flag Indonesia and Anonymous Bangladesh, are targeting various sectors in India. They exploit geopolitical narratives and recent elections to attack law enforcement, government, healthcare, and more.

Stolen Data on Dark Web πŸ’»

Groups like Ahadun-Ahad 2.0 Team have published Indian Voter ID cards on Telegram. Data, including AADHAAR and PAN details, is being used to spread misinformation and sold on the dark web. Malware such as Nexus and Redline is used to steal sensitive information, creating the illusion of vulnerable election systems.

Manipulation Campaigns 🎯

Public opinion manipulation tactics target Indian government leaders, aiming to create social conflict. False flag operations by these groups are designed to blur attribution and sow discord.

Stay Informed and Secure πŸ”’

Resecurity urges Indian citizens to remain vigilant and not react to unreliable sources. Increased cybersecurity awareness is crucial to protect against these ongoing threats.

πŸ—žοΈ Extra, Extra! Read all about it! πŸ—žοΈ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles