Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Ransomware groups are shifting towards smaller targets, but ones where they can still guarantee a significant payday

    February 7, 2022

    The cost and risk of executing ransomware attacks is going up, making it harder for cyber criminals to carry them out, which could lead to a decline in the number of overall ransomware attacks. But that could mean some ransomware victims end up paying a heavier price. Ransomware is still running rampant, with several major incidents ...

  • Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

    February 5, 2022

    Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their ...

  • China suspected in hack of journalists at News Corp

    February 4, 2022

    Digital intruders broke into News Corp email accounts and compromised the data of an unspecified number of journalists, the company disclosed Friday. The media firm’s internet security adviser said the hack was likely aimed at gathering intelligence for Beijing’s benefit. News Corp, which publishes the Wall Street Journal, said the breach was discovered in late January and ...

  • Indicators of Compromise Associated with LockBit 2.0 Ransomware

    February 4, 2022

    LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits. After compromising a victim ...

  • Airport services firm Swissport reports ransomware incident

    February 4, 2022

    Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said the ransomware attack targeted its IT infrastructure. The group behind the attack was not named. Also: Prosecutors investigating cyberattacks affecting multiple Belgian and Dutch ports “The attack has been largely contained, and we are working actively to fully resolve the ...

  • Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed

    February 4, 2022

    Researchers have uncovered an active campaign exploiting a zero-day vulnerability in the Zimbra email platform. Zimbra is an email platform available under an open source license. According to the developer, the platform supports hundreds of millions of mailboxes located in 140 countries. On February 3, cybersecurity researchers from Volexity, Steven Adair and Thomas Lancaster, said the system ...