In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano.
Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed enough to receive a numerical TA designation. Delivery and infection chain analysis In late October 2024, UNK_CraftyCamel actors leveraged access to a compromised email account belonging to the Indian electronics company INDIC Electronics to send malicious email messages. The emails contained URLs pointing to the actor-controlled domain indicelectronics[.]net, which mimics the legitimate INDIC electronics domain.
Read more…
Source: Proofpoint
Related:
- ESET discovers 21 new Linux malware families
December 6, 2018
Although Linux is a much more secure operating system compared to the more widely used Windows, it is not impervious to misconfigurations and malware infections. Over the past decade, the number of malware families targeting Linux has grown, but the total number of threats is still orders of magnitude under the malware numbers reported attacking Windows systems. This smaller ...
- Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency
November 27, 2018
A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository. Although the malicious code was discovered last week, researchers were able to determine ...
- Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
November 26, 2018
A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. Mobile malware, dubbed Rotexy, has evolved from being spyware to now a dangerous banking trojan packing a host of new clever features. Researchers report 70,000 attacks between August and October with targets primarily based in Russia. In a technical brief released ...
- Rowhammer attacks can now bypass ECC memory protections
November 22, 2018
Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...
- Lazarus APT Uses Modular Backdoor to Target Financial Institutions
November 21, 2018
The advanced persistent threat group Lazarus with North Korean links has been observed using a modular backdoor during last week to compromise a series of Latin American financial institutions by Trend Micro’s Lenart Bermejo and Joelson Soares. As unearthed by the Trend Micro research team, the APT38 threat group successfully compromised a number of computing systems ...
- L0rdix becomes the new Swiss Army knife of Windows hacking
November 21, 2018
A new hacking tool making the rounds in underground forums has been deemed the latest “go-to” universal offering for attackers targeting Microsoft Windows PCs. The software is called L0rdix and according to cybersecurity researchers from enSilo is “aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools.” In a blog ...

