In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom.
At least one industry source refers to this criminal syndicate as the Trinity of Chaos. “Trinity” is used because the conglomerate is likely composed of individuals tied to three groups: Muddled Libra (aka Scattered Spider), Bling Libra (aka ShinyHunters), and LAPSUS$, all of which are likely representative of the broader cybercriminal community known as The Com.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Stubborn Malware Targets QNAP NAS Hardware Specifically
November 1, 2019
Top-selling network attached storage devices (NAS) made by QNAP Systems are being singled out by attackers, who have crafted malware specifically designed for the vendor’s hardware. Researchers at the Finland’s National Cyber Security Centre (NCSC-FI) reported the targeted attacks late last month, dubbing the malware QSnatch. Once infected, hackers can access the NAS devices and retrieve all ...
- Office for Mac Users Warned of Malicious SYLK Files
November 1, 2019
Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning comes from United States Computer Emergency Readiness Team (US-CERT), which said that ...
- Threat Spotlight: Neshta File Infector Endures
November 1, 2019
Neshta is an older file infector that is still prevalent in the wild. It was initially observed in 2003 and has been previously associated with BlackPOS malware. It prepends malicious code to infected files. This threat is commonly introduced into an environment through unintentional downloading or by other malware. It infects Windows executable files and ...
- Calypso APT Emerges from the Shadows to Target Governments
October 31, 2019
A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India (34 percent), Brazil and Kazakhstan (18 percent respectively), Russia and Thailand (12 percent respectively) and Turkey (6 percent) have all been successfully infiltrated at some point, ...
- ICS Attackers Set To Inflict More Damage With Evolving Tactics
October 31, 2019
Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remains extraordinarily difficult to mount successful attacks on critical ...
- WhatsApp Spyware Attack: Uncovering NSO Group Activity
October 30, 2019
On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After disclosing the lawsuit,WhatsApp said that cyber security experts at the Citizen Lab, ...