The Sophisticated Phishing-as-a-Service Platform! ๐Ÿ”’

Apr 01 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s sweeping the nation like a cyber Storm Nelson ⛈️

Today’s hottest cybersecurity news stories:

  • 🧛 PhaaS network Darcula leverages RCS, iMessage to bypass security 💬

  • 👉 Finland fingers infamous Chinese APT31 for parliament cyber attack 🏛️

  • ๐Ÿ€ DinodasRAT adapted for Linux, has been observed in several countries ๐ŸŒŽ

Introducing Count Darcula. Sounds like a total PhaaS to me 👀💀

🚨 Beware of Darcula, the Sophisticated Phishing-as-a-Service Platform! 🔒

Heads up, everyone! A dangerous new threat is on the horizon, and it's targeting organisations worldwide with its devious phishing tactics. Introducing Darcula, a cunning Phishing-as-a-Service (PhaaS) platform that's causing havoc in over 100 countries. 😱🌍

Darcula operates by utilising a vast network of more than 20,000 counterfeit domains to orchestrate large-scale phishing attacks. These attacks are not only sophisticated but also highly effective, thanks to Darcula's ability to leverage iMessage and RCS protocols, bypassing traditional SMS firewalls and targeting unsuspecting users worldwide. 📲💻

Offering support for about 200 templates impersonating legitimate brands, Darcula allows cybercriminals to set up phishing sites with ease, targeting sectors like postal services, financial institutions, and government bodies. With domains backed by reputable services like Cloudflare and Tencent, these phishing sites appear legitimate, making it harder for users to discern the deception. 🎭🔒

But Darcula's cunning doesn't stop there. It's constantly evolving, with the ability to update phishing sites seamlessly and even cloak its presence with fake domain holding pages. This makes it incredibly challenging to detect and combat, leaving organisations vulnerable to exploitation. 🛡️🕵️‍♂️

What's more, Darcula's smishing messages are particularly insidious, exploiting vulnerabilities in iMessage and RCS to trick users into divulging sensitive information. By impersonating legitimate services like USPS and Apple support, these messages lure users into clicking malicious links, leading to potential identity theft and financial loss. 📨🔍
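Darcula's whole trick is volume: thousands of throwaway domains that carry a brand name somewhere in the hostname, dressed up with a word like "redelivery" or "verify". Here is an added example (ours, not from the newsletter or any of the reporting it summarises) of the kind of triage a defender can run over a newly-registered-domain or certificate-transparency feed to surface that pattern. The brand list, the urgency keywords, the similarity threshold and every sample domain are constructed for the example; none of the samples is real Darcula infrastructure.

```python
from difflib import SequenceMatcher

# Brands the story names as impersonated (USPS, Apple). The mapping to their
# legitimate domains and everything below it is constructed for this example.
MONITORED_BRANDS = {"usps": "usps.com", "apple": "apple.com"}

# Words a lure tends to bolt onto a brand name; only counted once a brand match exists.
URGENCY_WORDS = ("verify", "redelivery", "fee", "secure", "update", "support")

# Constructed sample feed (none of these are real Darcula infrastructure).
SAMPLE_DOMAINS = [
    "usps.com",                        # legitimate
    "apple.com",                       # legitimate
    "usps-redelivery-fee.example",     # brand plus urgency words in the registrable label
    "secure.apple.id-verify.example",  # brand hidden in a subdomain label
    "uspss.com",                       # near-miss spelling
    "rnail.example",                   # unrelated
    "news.example.org",                # unrelated
]


def registrable_label(domain):
    """Label just left of the suffix ('uspss' for uspss.com). Assumes a one-label
    public suffix; a real deployment would consult the public-suffix list."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def score_domain(domain):
    """Return (score, reasons); higher means more likely brand impersonation."""
    d = domain.lower().strip(".")
    labels = d.split(".")
    reg = registrable_label(d)
    score, reasons = 0, []
    for brand, legit in MONITORED_BRANDS.items():
        if d == legit or d.endswith("." + legit):
            return 0, ["legitimate domain"]
        # Brand used as a subdomain label of some unrelated registrable domain.
        if brand in labels[:-2]:
            score += 3
            reasons.append(f"'{brand}' used as a subdomain label")
        similarity = SequenceMatcher(None, brand, reg).ratio()
        if reg != brand and similarity >= 0.8:
            # Typosquat: almost the brand, but not quite.
            score += 2
            reasons.append(f"'{reg}' looks like '{brand}' ({similarity:.2f})")
        elif brand in reg and reg != brand:
            # Brand embedded in a longer registrable label (usps-redelivery-fee).
            score += 2
            reasons.append(f"'{brand}' embedded in registrable label")
    if score and any(word in d for word in URGENCY_WORDS):
        score += 1
        reasons.append("urgency keyword present")
    return score, reasons


def triage(domains, threshold=2):
    """Domains at or above the threshold, in feed order, with their evidence."""
    flagged = []
    for domain in domains:
        score, reasons = score_domain(domain)
        if score >= threshold:
            flagged.append((domain, score, reasons))
    return flagged


if __name__ == "__main__":
    for domain, score, reasons in triage(SAMPLE_DOMAINS):
        print(f"{score}  {domain}: {'; '.join(reasons)}")
```

The scoring is deliberately simple so the evidence is readable in a ticket: a brand used as a subdomain label scores highest because legitimate services rarely nest their own name under someone else's registrable domain, and a typosquat outranks a brand merely embedded in a longer label. Anything that hits the threshold goes to a human, not to an automatic block.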

Top Tips 🛡️

  • Stay Vigilant: Be cautious of unexpected messages, especially those requesting personal or financial information.

  • Update Security Measures: Keep your devices and software up to date to mitigate potential vulnerabilities.

  • Educate Users: Train employees to recognize phishing attempts and report suspicious activity promptly.

  • Use Trusted Services: Opt for reputable VPNs and messaging platforms to minimise the risk of falling victim to phishing attacks.

Don't let Darcula sink its teeth into your organisation's security. Stay informed, stay vigilant, and together, we can combat this malicious threat! 🔒🛡️

Join the webinar on April 10: Combating threats through continuous compliance with Vanta, CrowdStrike, and AWS

As the movement towards cloud-first continues, how can teams ensure their cloud security and compliance programs are optimized? On April 10, join leaders from Vanta, CrowdStrike, and AWS as they discuss ways to leverage continuous compliance and security to proactively monitor cloud infrastructure.

Chinese hackers: Nice guys Finnish last 💀💀💀

Finland: We’re putting out an APT

🚨 Finnish Police Accuse APT31 of Cyber Attack on Parliament! 🏛️

The Police of Finland, in a groundbreaking announcement, has pointed fingers at a notorious Chinese nation-state actor, APT31, for orchestrating a brazen cyber attack targeting the country's esteemed Parliament back in 2020. 😱

According to authorities, the intrusion occurred between fall 2020 and early 2021, sparking a demanding and time-consuming criminal probe. The investigation, characterised by extensive analysis of a "complex criminal infrastructure," has now zeroed in on APT31's culpability in the audacious breach. 💻🔍

APT31, known by aliases such as Altaire, Bronze Vinewood, and Judgement Panda, is a notorious Chinese state-backed group infamous for its cyber espionage exploits dating back to at least 2010. 🕵️‍♂️🔓

This revelation comes hot on the heels of the U.K. and the U.S. attributing a string of cyber espionage activities to APT31, implicating the group in a wide-ranging hacking spree targeting businesses, government officials, dissidents, and politicians. 😮💼

Seven operatives associated with APT31 have been slapped with charges in the U.S., with two key figures – Ni Gaobin and Zhao Guangzong – facing sanctions alongside a shadowy entity named Wuhan XRZ, believed to be a front for nefarious cyber operations. 🚨💰

China has vehemently denied these accusations, firing back at the Five Eyes alliance for what it perceives as spreading "disinformation" and engaging in cyberattacks against China. The diplomatic tensions surrounding cybersecurity issues continue to escalate, raising concerns about the future landscape of global cyber warfare. 🌍🔒

As the world watches with bated breath, one thing remains crystal clear: the battle for digital supremacy rages on, with each new revelation peeling back the layers of a complex and shadowy cyber landscape. Stay tuned for further updates as this gripping saga unfolds! 📰🔍

🎣 Catch of the Day!! 🌊🐟🦞

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️ (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Watch out for the hackosaurus! 🦖 Time to Dinodash! 🏃🏃🏃

🚨 Linux Version of DinodasRAT Detected in Targeted Cyber Attacks! 🐀

Kaspersky researchers have uncovered a Linux variant of the notorious DinodasRAT, a multi-platform backdoor, actively targeting regions including China, Taiwan, Turkey, and Uzbekistan. This revelation sheds light on the evolving landscape of cyber threats, with malicious actors expanding their reach to Linux environments. 🐧💻

DinodasRAT, also known as XDealer, is a sophisticated C++-based malware notorious for its ability to extract sensitive data from compromised systems. Its deployment has been linked to various threat actors with ties to China, underscoring the collaborative nature of cyber operations within certain circles. 🛡️🤖

The Linux version of DinodasRAT, identified as V10, was first discovered by Kaspersky in early October 2023. Unlike its predecessors, this variant is tailored to target Red Hat-based distributions and Ubuntu Linux. Upon infiltration, it establishes persistence using System V or systemd startup scripts and communicates with remote servers to receive commands. 💼🔍

This backdoor is equipped with a wide range of capabilities, including file manipulation, process enumeration and termination, shell command execution, and the ability to download updated versions of itself. Moreover, it employs evasion techniques to avoid detection by security tools, highlighting its sophistication and adaptability. 🕵️‍♂️🔍
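The persistence detail above (startup scripts under System V or systemd) is the part a defender can actually go and check on a box. Here is an added example, ours and not from the newsletter or from Kaspersky's report, that audits unit files and init scripts for the traits a dropped-in persistence entry tends to have: an ExecStart binary living in a temp or home directory, an inline shell wrapper, no Description, Restart=always. The two unit files and two init scripts it inspects are constructed samples, and the list of "untrusted" directories is an assumption for the example, not an indicator taken from the report.

```python
import re
import shlex

# Directories a packaged service binary should not normally live in or reference.
# This list is an assumption for the example, not an indicator from the report.
UNTRUSTED_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
UNTRUSTED_PATH_RE = re.compile(r"(?<![\w./-])(/(?:tmp|var/tmp|dev/shm|home|root)/[\w./-]+)")

# Constructed samples: one unit and one init script that look packaged, and one of each
# showing the shape a planted persistence entry tends to have.
SAMPLE_UNITS = {
    "sshd.service": "[Unit]\nDescription=OpenSSH server daemon\nAfter=network.target\n\n"
                    "[Service]\nExecStart=/usr/sbin/sshd -D\nRestart=on-failure\n\n"
                    "[Install]\nWantedBy=multi-user.target\n",
    "sys-update.service": "[Service]\nExecStart=/bin/sh -c '/dev/shm/.cache/upd -q'\n"
                          "Restart=always\n\n[Install]\nWantedBy=multi-user.target\n",
}
SAMPLE_SYSV = {
    "cron": "#!/bin/sh\n### BEGIN INIT INFO\n# Provides: cron\n### END INIT INFO\nexec /usr/sbin/cron\n",
    "netcfgd": "#!/bin/sh\n# constructed sample\nnohup /tmp/.X11-unix/netcfgd >/dev/null 2>&1 &\n",
}


def parse_unit(text):
    """Minimal INI-style parser for systemd unit files -> {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def split_exec(value):
    """argv of an ExecStart= value, with systemd's -, @, +, !, : prefix flags stripped."""
    try:
        argv = shlex.split(value)
    except ValueError:  # unbalanced quotes; fall back to a plain split
        argv = value.split()
    if argv:
        argv[0] = argv[0].lstrip("-@+!:")
    return argv


def audit_systemd_unit(text):
    """Reasons a unit file looks like a planted persistence entry (empty list = clean)."""
    unit = parse_unit(text)
    service = unit.get("Service", {})
    exec_start = service.get("ExecStart", "")
    argv = split_exec(exec_start)
    exe = argv[0] if argv else ""
    reasons = []
    if exe.startswith(UNTRUSTED_PREFIXES):
        reasons.append(f"ExecStart binary in untrusted location: {exe}")
    elif UNTRUSTED_PATH_RE.search(exec_start):
        reasons.append("ExecStart references an untrusted path")
    if exe.endswith(("/sh", "/bash")) and "-c" in argv[1:]:
        reasons.append("ExecStart wraps an inline shell command")
    if not unit.get("Unit", {}).get("Description"):
        reasons.append("no Description= (packaged units almost always have one)")
    if reasons and service.get("Restart") == "always":
        reasons.append("Restart=always will respawn it if an analyst kills it")
    return reasons


def audit_sysv_script(text):
    """Non-comment lines of an init script that reference an untrusted path."""
    reasons = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        for path in UNTRUSTED_PATH_RE.findall(line):
            reasons.append(f"line {lineno} references untrusted path {path}")
    return reasons


def run_audit(units=SAMPLE_UNITS, scripts=SAMPLE_SYSV):
    """Map of entry name -> reasons, for every unit or script that raised at least one."""
    findings = {}
    for name, text in units.items():
        if (reasons := audit_systemd_unit(text)):
            findings[name] = reasons
    for name, text in scripts.items():
        if (reasons := audit_sysv_script(text)):
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in run_audit().items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a real host you would feed `run_audit` the contents of `/etc/systemd/system/*.service` and `/etc/init.d/*` (plus the per-user unit directories) rather than the samples, and keep the untrusted-directory list in a config file so it can be tuned for the environment. The heuristics are cheap and produce false positives on home-grown services, so treat a hit as a reason to look, not as a verdict.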

"DinodasRAT's primary objective is to establish and maintain control over Linux servers, facilitating data exfiltration and espionage," noted Kaspersky researchers. The discovery of this Linux variant underscores the need for enhanced cybersecurity measures to protect critical infrastructure and sensitive data from evolving threats. 🔒

That’s all for today, folks! Stay safe out there 🛡️🛡️🛡️

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ›ก๏ธ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ๐Ÿ“…

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!
