Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Sophos Firewall zero-day bug exploited weeks before fix
June 16, 2022
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. On March 25, ...
- Heineken says there’s no free beer, warns of phishing scam
June 16, 2022
There’s no such thing as free beer for Father’s Day — at least not from Heineken. The brewing giant confirmed that a contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of green-bottled lager, is a frothy fraud. “This is a scam and is not sanctioned by Heineken,” the beermaker ...
- New Android malware bypasses multi-factor authentication to steal your passwords
June 16, 2022
A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users. In addition to remotely ...
- A hacker group said it has broken into the Israeli electricity network
June 16, 2022
A hacker group identifying itself as the “Moses Staff” said it has broken into the Israeli electricity network, vowing to plunge the regime into darkness. The group said on Wednesday it had targeted the Israel Electric Corporation, the largest supplier of electrical power in the occupied territories, as well as Dorad Energy Ltd., which serves customers ...
- 730K WordPress sites force-updated to patch critical plugin bug
June 16, 2022
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. Wordfence threat ...
- Extortion gang ransoms Shoprite, largest supermarket chain in Africa
June 15, 2022
Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, ...

