Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
December 2, 2021
Over the course of three months, a persistent and determined APT actor has launched multiple campaigns which have now resulted in compromises to at least 4 additional organizations, for a total of 13. Beginning on Sept. 16, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) ...
- Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution
December 2, 2021
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well. This specific vulnerability exists in Blink, the main DOM parsing and rendering engine at the core of ...
- Play Your Cards Right: Detecting Wildcard DNS Abuse
December 1, 2021
The domain name system (DNS) maps names to addresses so that computers can communicate. The directions within the DNS exist largely in records where a specific name (such as paloaltonetworks.com) is mapped to pieces of data, such as IP addresses (for example, 34.107.151202). As the name suggests, wildcard DNS records are an exception to this ...
- Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users
December 1, 2021
Attackers are impersonating the Iranian government in a widespread SMS phishing campaign that is defrauding thousands of Android users by installing malware on their devices that can steal their credit card data and siphon money from financial accounts. Researchers from Check Point Research estimate that the campaign, which sends so called “smishing” messages that entice victims ...
- APT annual review 2021
November 30, 2021
The Global Research and Analysis Team at Kaspersky posted the summary of most interesting trends and developments of the last 12 months. This is based on Kaspersky visibility in the threat landscape and it’s important to note that no single vendor has complete visibility into the activities of all threat actors. Private sector vendors play a ...
- Queensland government energy generator hit by ransomware
November 30, 2021
Queensland government-owned energy generator CS Energy said on Tuesday it was responding to a ransomware incident that occurred over the weekend. First reported by Energy Source & Distribution, the company said the incident has not impacted electricity generation at Callide and Kogan Creek power station, and it was looking to restore its network. ANZ regional director at ...

