Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:
- Social engineering of both end users and helpdesks
- Traditional phishing
- Inside access to business process outsourcers
- Ransomware affiliations for extortion
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Florida: Hacker Changed Chemical Levels at Oldsmar’s Water Treatment Plant
February 8, 2021
Pinellas County Sheriff Bob Gualtieri said at a news conference Monday there were two intrusions, hours apart. The first one happened at 8 a.m., when a plant operator noticed someone remotely accessing the system he was monitoring, which controls chemicals and other plant operations. But he didn’t think much of it, according to the sheriff, because ...
- Billions of Passwords Offered for $2 in Cyber-Underground
February 8, 2021
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together older stolen data from breaches past – including credentials from Netflix, LinkedIn, ...
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
February 7, 2021
Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has ...
- Signal ignores proxy censorship vulnerability, bans researchers
February 7, 2021
Signal, an end-to-end encrypted messaging platform was recently blocked by the Iranian government. To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround. However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially ...
- Eletrobras, Copel energy companies hit by ransomware attacks
February 5, 2021
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America ...
- Cisco warns of critical remote code execution flaws in its small business VPN routers
February 5, 2021
Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices. The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...

