Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- U.S. Accuses North Korean Hackers of Stealing Millions
February 17, 2021
The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to Lazarus Group (and by extension, to North Korea). The feds also ...
- Kia Motors America suffers ransomware attack, $20 million ransom
February 17, 2021
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West ...
- Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
February 17, 2021
Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers. The Safari bug, patched on Dec. 2 by Apple, was exploited by a malvertising campaign that redirected traffic ...
- DDoS attacks in Q4 2020
February 16, 2021
Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as ...
- Security bugs left unpatched in Android app with one billion downloads
February 16, 2021
An Android application downloaded more than one billion times contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users to share files with friends or between personal devices. The bugs can be exploited to run malicious code ...
- DDoS attacks on Russian online retailers double in 2020
February 16, 2021
The number of DDoS attacks on Russian online retailers nearly doubled in 2020 compared to the previous year, the Rostelecom-Solar cyber security company said in a statement. “Online retail business has been in the focus of cyber criminals for several years. However, as customer demand for online retail services grew amid coronavirus restrictions, they became even ...

