Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft warns enterprises of new ‘dependency confusion’ attack technique
February 10, 2021
Microsoft has published a white paper on Tuesday about a new type of attack technique called a “dependency confusion” or a “substitution attack” that can be used to poison the app-building process inside corporate environments. The technique revolves around concepts like package managers, public and private package repositories, and build processes. Today, developers at small or large ...
- British cyber gang ‘stole large amounts from US sports and music stars after accessing their phones’
February 10, 2021
Eight Britons have been arrested for hacking into the phones of US celebrities to steal money and personal information – even posing as them online. Britain’s National Crime Agency (NCA) said sports stars, musicians and their families had been targeted by the scam in which criminals gain access to their victim’s phones or accounts. This allowed them ...
- BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
February 9, 2021
Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. Analysis by Trend ...
- Android Devices Hunted by LodaRAT Windows Malware
February 9, 2021
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, ...
- Web hosting provider shuts down after cyberattack
February 9, 2021
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. According to a message posted on its official site , the company said it was breached on Monday, February 8. The hacker appears to have “compromised” the company’s entire ...
- Actively Exploited Windows Kernel EoP Bug Allows Takeover
February 9, 2021
Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the computing giant has released patches for 56 CVEs covering Microsoft Windows components, the .NET ...

