Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Recently fixed Windows zero-day actively exploited since mid-2020
February 20, 2021
Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’ It allows local attackers to elevate their privileges to ...
- SonicWall releases additional update for SMA 100 vulnerability
February 20, 2021
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. Last month, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in their SMA-100 remote access devices. A week later, cybersecurity firm NCC Group discovered the zero-day vulnerability used ...
- Malaysia arrests 11 suspects for hacking government sites
February 19, 2021
Malaysian officials announced on Thursday the arrest of 11 suspects believed to be part of a hacktivist group that defaced government websites during late January. The group, calling itself Anonymous Malaysia, defaced 17 websites for local governments and universities, according to posts they made on a Facebook page earlier this month. The defacements were part of a ...
- IronNetInjector: Turla’s New Malware Loading Tool
February 19, 2021
In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use – including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware. Unit 42 researchers have found ...
- Silver Sparrow Malware Found Nesting on 30K Macs
February 19, 2021
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware (dubbed Silver Sparrow) has been executing on victim machines with the final payload yet to ...
- Malformed URL Prefix Phishing Attacks Spike 6,000%
February 19, 2021
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URLs are malformed, not utilizing the normal URL protocols, ...

