#PlugX #malware delivered by exploiting flaws in Chinese programs
https://securityaffairs.com/143360/malware/plugx-malware-flaws.html
#securityaffairs #hacking
Sophos is back with another round of #DLLapalooza. This time, we’ve found a wormable variant of #PlugX. After first appearing in Papua New Guinea, it hopped 10,000 miles to Ghana. It’s since shown up in several more countries in Africa, as well as Mongolia. 1/4
#PlugX #Trojan disguised as a legitimate #Windows open-source tool in recent attacks
https://securityaffairs.com/142770/malware/plugx-trojan-disguised-windows-tool.html
#securityaffairs #hacking #ransomware
Latest research where we use @velocidex to hunt for DLL injection files abused by actors: https://www.rapid7.com/blog/post/2023/02/09/evasion-techniques-uncovered-an-analysis-of-apt-methods/ #plugx
#PlugX #Malware hides on #USB sticks and infects #Windows | heise online https://www.heise.de/news/PlugX-Malware-versteckt-sich-auf-USB-Sticks-und-infiziert-Windows-7476057.html
This week's edition of SOC Goulash, our Weekend Wrap-Up of infosec news, is live and hot off the press!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-be1
Building on last week's flagging of the increase in abuse of #Malvertising, researchers have observed it being abused to deliver #ASyncRAT and #xworm payloads, as well as to harvest master passwords for Password Manager solutions like #Bitwarden and #1Password.
#Hive ransomware have had their infrastructure seized in a multi-national law enforcement operation. The authorities lurked in their infrastructure for six months, gathering communications & information on their members and stealing 1,300 decryption keys that enabled them to avert ~$130 million in potential ransom payments.
North Korea's crypto-hunting actors have been agile in adopting emerging tradecraft and developing novel payloads. With $1 billion worth of funds brought into the hermit kingdom in 2022, orgs in the #cryptocurrency and #DeFi space will need to be on guard coming into 2023.
#PlugX malware continues to be developed, with new variants spotted in the wild capable of spreading via USB, upgrading old installations, and pilfering documents from hosed computers.
#vulnerabilities in the Realtek SDK have been exploited nearly 130 million times between August and December last year alone by botnets seeking to grow their numbers.
Security researchers at Horizon3 intend to release a PoC #exploit for CVSS 9.8 RCE vulnerabilities in VMware's vRealize Log Insight product this week - make sure you're patched!
For our paid subscribers, we've got some additional articles on:
1. The adoption of OneNote for payload delivery, and tips for analysis;
2. An overview of CVE-2022-34689, a critical Windows vulnerability that could be abused to intercept & decrypt encrypted communications or spoof code-signing of malicious executables;
3. A vulnerability/not-vulnerability in #KeePass, with no patch and an unknown scope of impact, allowing attackers to dump plaintext credentials from the Password Manager.
As always, there's a tonne of additional goodies to be found in the newsletter that I couldn't cover here, so check it out here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-be1
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #malvertising #passwordmanager #vmware #poc
The #PlugX #Malware spreads via #USB devices and infects #Windows computers. https://winfuture.de/news,134263.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
02d605b7e07b9026104d8160602b0142
draft letter to European Commission RUSSIAN OIL PRICE CAP sg de.iso (deliver #PlugX) :
New research from Insikt Group has observed activity attributed to likely Chinese state-sponsored threat activity group #RedDelta using a customized variant of the #PlugX backdoor (heavily customized for anti-analysis for detection evasion). More in the report: https://www.recordedfuture.com/reddelta-targets-european-government-organizations-continues-iterate-custom-plugx-variant
#RedDelta / #MustangPanda have expanded to using ISO files in addition to RAR and ZIP files.
Also, the config decryption key changed to jOh752oCI for their more recent variants of #plugx.
https://go.recordedfuture.com/hubfs/reports/cta-2022-1223.pdf
2022 Adversary Infrastructure Report
"We observed over 17,000 unique command-and-control (C2) servers during 2022, which is up 30% from last year. Much like 2021, our collection in 2022 was dominated by Cobalt Strike team servers, botnet families including IcedID and QakBot, and popular RATs such as PlugX."
#threatintel friday #cobaltstrike #icedid #qakbot #plugx
https://www.recordedfuture.com/2022-adversary-infrastructure-report
TA416 APT Rebounds With New PlugX Malware Variant - The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican... https://threatpost.com/ta416-apt-plugx-malware-variant/161505/ #advancedpersistentthreatgroup #china-holyseedeal #socialengineering #malwareanalysis #phishingattack #spearphishing #websecurity #proofpoint #diplomats #malware #vatican #golang #loader #hacks #china #plugx #ta416 #apt
Hackers Continue Cyberattacks Against Vatican, Catholic Orgs - The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic insti... https://threatpost.com/hackers-continue-cyberattacks-against-vatican-catholic-orgs/159306/ #catholicdioceseofhongkong #remoteaccesstrojan #statesponsoredhack #vulnerabilities #chinesehackers #spearphishing #websecurity #cyberattack #catholic #reddelta #vatican #china #plugx #rat