Multiple Chinese state-sponsored Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon and Velvet Ant, are running sophisticated espionage and pre-positioning campaigns. They rely heavily on "living off the land" (LOTL) techniques, using built-in administrative tools and valid credentials instead of custom malware, to compromise critical infrastructure, ISPs and Internet-connected devices while producing little for signature-based detection to catch. Volt Typhoon focuses on U.S. critical infrastructure, communications included; it has gained initial access through exposed Fortinet edge devices and routes its traffic through compromised small-office/home-office routers so that activity blends in with ordinary residential traffic. Salt Typhoon targets U.S. Internet Service Providers, compromising routers and other network devices in order to collect data in transit. Flax Typhoon has assembled a large botnet of compromised IoT devices (routers, IP cameras, video recorders and NAS appliances) that serves as relay and operational infrastructure, first against organizations in Taiwan and now more broadly. Velvet Ant, a less widely reported group, specializes in long-term persistence on network appliances such as load balancers and switches, using them as a foothold from which to reach the rest of a network. Because these operations generate little malware telemetry, defending against them means hardening and monitoring edge devices, auditing the use of legitimate administrative tools, and hunting for anomalous behaviour rather than waiting for indicators.
Arctic Wolf Labs has observed an increase in Fog and Akira ransomware intrusions since early August, counting at least 30 across a range of industries. In the cases reviewed, initial access came through SonicWall SSL VPN appliances early in the attack chain, which underlines the need to patch and harden VPN endpoints and to enforce multi-factor authentication on them. The malicious VPN logins came from IP addresses belonging to VPS hosting providers rather than the residential or corporate ranges employees normally use, which gives defenders a practical early-detection signal: alert on successful VPN authentications from hosting address space, particularly for accounts that have never authenticated from it before.
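The detection idea above, as an added example that is not part of Arctic Wolf's report or the original page: a small Python script that parses SSL VPN login events, checks the source address against an analyst-maintained list of VPS/hosting prefixes, and emits one alert per user and source address. The log format, the field names and the hosting prefixes (which are documentation ranges, not real provider allocations) are assumptions; the sample events are constructed.

```python
"""Flag SSL VPN logins that originate from VPS/hosting address space.

Added example, not code from Arctic Wolf or the original page. The
key=value log format, the field names and HOSTING_PREFIXES are
assumptions for illustration; SAMPLE_LOGS are constructed events.
"""
import ipaddress
import re

# Assumed: an analyst-maintained list of hosting/VPS prefixes. These are
# documentation ranges (RFC 5737 / RFC 3849) standing in for real ones.
HOSTING_PREFIXES = [ipaddress.ip_network(p) for p in (
    "203.0.113.0/24",
    "198.51.100.0/24",
    "2001:db8:aa00::/48",
)]

# Constructed sample events in an assumed, simplified syslog-like format.
SAMPLE_LOGS = [
    "2024-08-12T02:14:07Z vpn1 sslvpn: user=jsmith src=192.0.2.45 event=login result=success",
    "2024-08-12T02:15:11Z vpn1 sslvpn: user=admin src=203.0.113.17 event=login result=success",
    "2024-08-12T02:15:40Z vpn1 sslvpn: user=admin src=203.0.113.17 event=login result=success",
    "2024-08-12T03:01:02Z vpn1 sslvpn: user=mlee src=198.51.100.9 event=login result=failure",
    "2024-08-12T03:05:55Z vpn1 sslvpn: user=svc_backup src=2001:db8:aa00::1 event=login result=success",
    "2024-08-12T03:06:10Z vpn1 sslvpn: user=svc_backup src=2001:db8:aa00::1 event=logout result=success",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sslvpn: user=(?P<user>\S+) src=(?P<src>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed event, or None otherwise."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["src"])
    except ValueError:
        return None  # malformed source address: drop rather than crash
    return rec


def is_hosting_ip(ip):
    """True if the address falls inside any configured hosting prefix.

    ip_network containment returns False on a v4/v6 mismatch, so mixed
    families can be checked without special-casing.
    """
    return any(ip in net for net in HOSTING_PREFIXES)


def flag_hosting_logins(lines):
    """Return one alert per (user, src) for successful logins from hosting space.

    Failed logins and non-login events are ignored; repeated successful
    logins from the same user/source pair are collapsed into a single
    alert carrying the first-seen timestamp, to avoid alert floods.
    """
    seen = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "login" or rec["result"] != "success":
            continue
        if not is_hosting_ip(rec["ip"]):
            continue
        key = (rec["user"], rec["src"])
        if key in seen:
            continue
        seen.add(key)
        alerts.append({"first_seen": rec["ts"], "user": rec["user"], "src": rec["src"]})
    return alerts


if __name__ == "__main__":
    for a in flag_hosting_logins(SAMPLE_LOGS):
        print(f"{a['first_seen']} ALERT vpn login from hosting IP user={a['user']} src={a['src']}")
```

In production the prefix list would be fed from an ASN or IP-reputation source rather than hard-coded, and the alert would be enriched with whether that account had previously authenticated from hosting space; the structure of the check stays the same.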
Fortinet FortiManager has a critical vulnerability, CVE-2024-47575, that is being exploited in the wild. The flaw, rated CVSS 9.8, is a missing-authentication weakness in the FortiGate-to-FortiManager (FGFM) device-registration service: a remote, unauthenticated attacker who can reach that service with crafted requests can execute arbitrary code or commands, leading to full compromise of the FortiManager and, through it, of the FortiGate devices it manages. CISA has added the CVE to its Known Exploited Vulnerabilities catalog and urges organizations to patch promptly. Where patching is delayed, restricting which source addresses and which device serial numbers may connect to the FGFM service reduces exposure, and administrators should review device-registration logs for devices they do not recognize.
Security researchers at Fortinet's FortiGuard Labs have uncovered a malware campaign targeting Microsoft Windows users with Winos4.0, a malware framework rebuilt from the Gh0st RAT lineage. Winos4.0 is not exploiting a vulnerability in gaming software; it is hidden inside trojanized gaming-related applications such as installation tools, speed boosters and optimization utilities, and is delivered in several stages once the user runs the installer. The framework operates as a Remote Access Trojan (RAT), giving attackers remote control over infected machines, and also acts as an information stealer, collecting system information and other sensitive data from compromised devices. The campaign shows that gaming communities remain an attractive distribution channel for malware. Users should keep security software updated and avoid downloading game-related tools from untrusted sources, and defenders should treat unsigned "optimizer" and "booster" executables as suspicious by default.