Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Suspected Russian hackers spied on U.S. Treasury emails – sources

    December 13, 2020

    Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at ...

  • Intel’s Habana Labs hacked by Pay2Key ransomware, data stolen

    December 13, 2020

    Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion. Today, the Pay2Key ransomware operation leaked data allegedly stolen from ...

  • Subway marketing system hacked to send TrickBot malware emails

    December 12, 2020

    Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order. After analyzing these ...

  • Facebook doxes APT32, links Vietnam’s primary hacking group to local IT firm

    December 11, 2020

    In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today’s most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect ...

  • CISA and FBI warn of rise in ransomware attacks targeting K-12 schools

    December 11, 2020

    In a joint security alert published on Thursday, the US Cybersecurity Infrastructure and Security Agency, along with the Federal Bureau of Investigation, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services. “As of December 2020, the FBI, CISA, and ...

  • Investigating the Gootkit Loader

    December 11, 2020

    Since October 2020, we saw an increase in the number of Gootkit cases targeting users in Germany. We investigated this development and found that the Gootkit loader was now capable of sophisticated behavior that enabled it to surreptitiously load itself onto an affected system and make analysis and detection more difficult. This capability was used to ...