Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Network Scanning Traffic Observed in Public Clouds

    October 28, 2021

    Tracking network scanning activities can help researchers understand which services are being targeted. By monitoring the origins of the scanners, researchers can also identify compromised endpoints. If a host belonging to a known organization suddenly starts to scan a part of the internet, it is a strong indicator that the host is compromised. This blog summarizes ...

  • EU Green Pass-generation keys stolen – sources

    October 27, 2021

    Some of the keys used to generate the European Green Pass have been stolen and distributed on programming networks to create false COVID-19 health certificates, qualified Italian sources said on Wednesday. A series of meetings at the EU level were being held on Wednesday to examine the situation, according to the sources. Read more… Source: ANSA News  

  • Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

    October 27, 2021

    US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment ...

  • Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t

    October 27, 2021

    Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...

  • Iran struggles to relaunch petrol stations after cyber attack

    October 27, 2021

    Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad. The unclaimed attack crippled the country’s system of government-issued electronic cards which motorists use to purchase heavily subsidised fuel. Long queues have formed outside petrol stations, angering motorists in a country already ...

  • FBI: Ranzy Locker ransomware hit at least 30 US companies this year

    October 26, 2021

    The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...