Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Swipe left: Snoops use dating apps to hook sources, says Australian Five Eyes boss

    February 10, 2022

    Nations running online foreign influence campaigns have turned to dating apps to recruit people privy to sensitive information, according to the director general of the Australian Security and Intelligence Organisation (ASIO), the nation’s security agency directed against external threats and a key partner in the Five Eyes security alliance. “In the last two years, thousands of ...

  • A sign of ransomware growth: Gangs now arbitrate disputes

    February 9, 2022

    Cyber criminal gangs are getting increasingly adept at hacking and becoming more professional, even setting up an arbitration system to resolve payment disputes among themselves, according to a new report by the United States, Australia and the United Kingdom that paints a bleak picture of ransomware trends. Ransomware gangs, which hack targets and hold their data ...

  • Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)

    February 8, 2022

    On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management. Impacted organizations could experience: theft of sensitive data, financial ...

  • FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

    February 8, 2022

    The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...

  • Roaming Mantis reaches Europe

    February 7, 2022

    Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. Kaspersky researchers have been tracking Roaming Mantis since 2018, and they observed some new activities by Roaming Mantis in 2021, and some changes in the Android Trojan Wroba.g (or Wroba.o, a.k.a Moqhao, XLoader) that’s mainly used in this campaign. ...

  • Medusa Malware Joins Flubot’s Android Distribution Network

    February 7, 2022

    Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa. That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns. The Flubot malware (aka Cabassous) is delivered to targets ...