In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano.
Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed enough to receive a numerical TA designation. Delivery and infection chain analysis In late October 2024, UNK_CraftyCamel actors leveraged access to a compromised email account belonging to the Indian electronics company INDIC Electronics to send malicious email messages. The emails contained URLs pointing to the actor-controlled domain indicelectronics[.]net, which mimics the legitimate INDIC electronics domain.
Read more…
Source: Proofpoint
Related:
- Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure
December 12, 2018
The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign dubbed “Operation Sharpshooter” makes use of an in-memory essential to download and execute a second stage payload named Rising Sun. Moreover, the Rising Sun implant ...
- New Variant of Shamoon Malware Uploaded to VirusTotal
December 12, 2018
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet. Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems. An updated ...
- Large Organizations Face Up to Several Million Targeted Bot Attacks per Day
December 12, 2018
According to an Osterman Research report, 211 large organizations with a mean of 16,822 employees have reported that during most weeks they experienced an average of 3,700 bot attacks targeting Internet exposed web apps. Bot attacks (also known as botnet attacks) make use of large numbers of connected computers to try and take down entire networks, websites, ...
- Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure
December 11, 2018
Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk ...
- DarkVishnya: Banks attacked through direct connection to local network
December 6, 2018
While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research ...
- IoT Botnets Behind 78% of Malware Network Events in 2018 According to Report
December 6, 2018
Internet of things (IoT) botnet activity during 2018 was behind roughly 78% of all network malware events detected by the NetGuard Endpoint Security solution deployed on more than 150 million devices according to a report by the Nokia Threat Intelligence Lab. The Nokia Threat Intelligence Report 2019 report was also performed using multiple malware sandboxes and honeypots, on both ...

