Threat Group Assessment: Muddled Libra


Palo Alto researchers have added an additional section to this article that describes the evolution of Muddled Libra activity since the beginning for 2024. This group is a dynamic one, and as members cycle in and out of the group, its knowledgebase and skill set naturally shift. Its toolbox has now expanded to include:

  • Social engineering of both end users and helpdesks
  • Traditional phishing
  • Inside access to business process outsourcers
  • Ransomware affiliations for extortion

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability

    December 7, 2020

    The US National Security Agency has published a security alert today urging companies to update VMWare products for a vulnerability that is currently exploited by “Russian state-sponsored malicious cyber actors.” The vulnerability tracked as CVE-2020-4006, impacts VMWare endpoint and identity management products, often deployed in enterprise and government networks. The affected products, listed below, allow system administrators ...

  • Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

    December 7, 2020

    Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages. According to U.S. feds, the developers of this malware are ...

  • Hacker opens 2,732 PickPoint package lockers across Moscow

    December 7, 2020

    A mysterious hacker used a cyber-attack to force-open the doors of 2,732 package delivery lockers across Moscow. The attack, which took place on Friday afternoon, December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg. Russians can order products online and ...

  • Italian police arrest 2 in defense data theft case

    December 6, 2020

    Police in Italy have arrested two people in connection with the hacking of Italian aerospace and electronics company Leonardo, the Interior Ministry announced on Saturday. The Leonardo group also has a cybersecurity division that counts NATO among its customers and is involved in making electronic weapons and missiles. The hackers allegedly managed to steal sensitive data ...

  • The chronicles of Emotet

    December 4, 2020

    More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in fine fettle, and remains one of the most potent cybersecurity threats ...

  • Ransomware attack cripples Vancouver public transportation agency

    December 4, 2020

    A ransomware attack has crippled the operations of TransLink, the public transportation agency for the city of Vancouver, Canada. The attack took place this week, on December 1, and has left Vancouver residents unable to use their Compass metro cards or pay for new tickets via the agency’s Compass ticketing kiosks. TransLink initially passed the incident as ...