
18th November – Threat Intelligence Report

| Category | Details |
| --- | --- |
| Chinese Cyber-Espionage Campaign | FBI and CISA issued a joint statement on a major Chinese cyber-espionage campaign by the APT group Salt Typhoon, targeting U.S. telecommunications infrastructure (AT&T, Verizon, T-Mobile, Lumen Technologies). The campaign stole call records and intercepted communications, using Cisco router vulnerabilities. |
| INC Ransomware Attack | Hungary's Defense Procurement Agency (VBÜ) confirmed a cyberattack by INC Ransomware, which demanded $5 million for encrypted military procurement data. The Ministry of National Defense states that no sensitive data was stored by VBÜ. |
| City of Sheboygan Ransomware Attack | The City of Sheboygan, Wisconsin suffered a ransomware attack that led to unauthorized access to its network. There is no evidence that sensitive personal information was compromised. A forensic investigation is ongoing. |
| Embargo Ransomware Attack | American Associated Pharmacies (AAP) was targeted by the Embargo ransomware group, which claims to have stolen 1.469 TB of data. AAP reportedly paid $1.3 million in ransom and faced a second demand. |
| DDoS Attack in Israel | A DDoS attack disrupted credit card readers in Israeli gas stations and supermarkets, causing payment issues. The hacktivist group Anonymous for Justice is linked to the attack. |
| Microsoft Patch Tuesday Update | Microsoft released a patch fixing 89 vulnerabilities, including two zero-days (CVE-2024-43451 and CVE-2024-49039) actively exploited in the wild. |
| Palo Alto Networks Zero-Day | A critical zero-day vulnerability in Palo Alto's Next-Generation Firewalls (PAN-SA-2024-0015) allows unauthenticated remote code execution. It has been exploited in attacks targeting internet-exposed interfaces. |
| WordPress Plugin Vulnerability | A critical authentication bypass vulnerability in the Really Simple Security plugin allows unauthenticated attackers to gain admin access to WordPress sites with two-factor authentication enabled. |
| October 2024 Malware Report | Check Point Research highlighted a rise in infostealer malware (AgentTesla and Lumma Stealer) and the new version of the Necro mobile malware as significant threats in October 2024. |
| Hamas-linked WIRTE APT Activity | Check Point Research reported on the Hamas-linked APT group WIRTE, which is conducting espionage and disruptive attacks against Israel using custom malware and the SameCoin wiper malware. |
| WezRAT by Iranian Threat Group | Check Point Research reported on WezRAT, a modular RAT used by the Iranian group Emennet Pasargad, which has expanded its activity to target Israel, France, Sweden, and the U.S. |

Read full article: https://research.checkpoint.com/2024/18th-november-threat-intelligence-report/

Disclaimer: The above summary has been generated by an AI language model

Source: Check Point

Published on: November 18, 2024
