Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- FBI: Ransomware targets companies during mergers and acquisitions
November 2, 2021
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to ...
- Cybercriminals sell access to international shipping, logistics giants
November 2, 2021
Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn. On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious ...
- Toronto public transportation system reports ransomware attack
November 2, 2021
The Toronto Transit Commission (TTC) — which runs the city’s public transportation system — reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization’s email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ...
- ‘Trojan Source’ Hides Invisible Bugs in Source Code
November 1, 2021
Researchers have found a new way to encode potentially evil source code, such that human reviewers see a harmless version and compilers see the invisible, wicked version. Named “Trojan Source attacks,” the method “exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the ...
- Canadian province health care system disrupted by cyberattack
November 1, 2021
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, ...
- Spam and phishing in Q3 2021
November 1, 2021
This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1 Grand Prix races. There was no way that cybercriminals and profiteers could pass up such a golden ...

