Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Secure Manufacturing on Cloud, Edge and 5G

    October 13, 2021

    Global manufacturers need to digitize their manufacturing processes and transform their business into a digital enterprise. Digital manufacturing is an advancement that many businesses have been using, with 60% of factories already using the cloud (87% including businesses who will soon implement it) and 26% with Private 5G already implemented (67% including enterprises who will ...

  • Israeli hospital targeted by ransomware attack

    October 13, 2021

    The Hillel Yaffe Medical Center in Hadera has been targeted by a ransomware attack that affected the computer systems of the hospital, the medical center announced on Wednesday. The attack occurred without any prior warning. Since the attack, the hospital has using alternate systems in the meantime while treating patients. The hospital is operating as normal, ...

  • MysterySnail attacks IT companies, defence contractors and diplomatic entities with Windows zero-day

    October 12, 2021

    In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using ...

  • Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

    October 12, 2021

    Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now’s a really good time to update ...

  • Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

    October 11, 2021

    DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime ...

  • Pacific City Bank discloses ransomware attack claimed by AvosLocker

    October 11, 2021

    Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly. Read more… Source: Bleeping Computer