Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware: At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
CyberCureME - Cyber Security Marketplace’s Post
-
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware. At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain persistent access to compromised appliances, Mandiant said. The Google-owned threat intelligence firm has assessed with moderate confidence that UNC5325 is associated with UNC3886 owing to source code overlaps in LITTLELAMB.WOOLTEA and PITHOOK with malware used by the latter. https://lnkd.in/dY5Vbkzs
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain persistent access to compromised appliances, Mandiant said. The Google-owned threat intelligence firm has assessed with moderate confidence that UNC5325 is associated with UNC3886 owing to source code overlaps in LITTLELAMB.WOOLTEA and PITHOOK with malware used by the latter. https://lnkd.in/ggTPpDsb
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware. At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
|MCs in Cybersecurity| Cybersecurity enthusiast. Aspiring cybersecurity expert. Hard worker. Goal achiever. Top 1% TryHackMe.
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. #CyberSecurity #ThreatIntelligence #VPNSecurity #malwareattacks #exploitation
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
Experienced security, risk, privacy, technology leader and board member. Experience across multiple verticals including banking, finance, insurance, manufacturing and healthcare. Security and DEI evangelist!
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. #CVE-2024-21893 #malware #vpn
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
thehackernews.com
-
"Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” Our analysis of infrastructure used in the campaign reveals additional links to the UAT-5394 infrastructure and new tactics, techniques and procedures (TTPs) of the threat actor." #MoonPeak #RemoteAccessTrojan #malware #ThreatIntelligence #CyberSecurity
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
blog.talosintelligence.com
-
Cybersecurity & Networking Expert | Strategic Leader, Mentor and Team Builder | SecOps | NetOps | Environmental Advocate | Fighting For A Better World
Big Yikes! The most alarming part is that the attack is persistent, which means it's possible the "hackers still have access to many victims because the Coathanger malware is difficult to detect as it intercepts system calls to avoid revealing its presence and is also challenging to remove since it survives firmware upgrades." Those using these FortiGate appliances, even if you had upgraded after the vulnerability was found, should do some deeper checks to ensure that the boxes haven't been compromised. https://lnkd.in/e9YeK_Pg
Chinese hackers breached 20,000 FortiGate systems worldwide
bleepingcomputer.com
-
A new threat has surfaced, impacting millions of devices globally. The PlugX USB worm, a sophisticated malware, has infected over 2.5 million devices, posing a significant cybersecurity threat worldwide. The PlugX malware, known for its resilience and USB drive spreading, gained notoriety. In March 2023, Sophos cybersecurity experts uncovered a variant with improved worming abilities, capable of crossing borders and infiltrating networks unnoticed.

PlugX USB Worm

In September 2023, the situation intensified when researchers sinkholed a command and control (C2) server linked to the PlugX worms. For just $7, they obtained a unique IP address tied to the worm variant, unveiling a vast number of infected public IP addresses.

~First Hackers News

To continue reading this article, click on this link >>> https://lnkd.in/gy_QpjPV

#threat #plugX #USB #worm #malware #researchers #IP #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates
PlugX USB Worm Infects Over 2.5 Million Devices - First Hackers News
https://firsthackersnews.com
-
Hackers use F5 BIG-IP malware to stealthily steal data for years. The 'Velvet Ant,' a group thought to be linked to Chinese cyberespionage, is using custom malware on F5 BIG-IP appliances to establish a persistent connection to internal networks and siphon data. The method employed reaffirms the ongoing evolution of cyber threats and underscores the importance of continuous security enhancements to prevent such infiltrations.
Hackers use F5 BIG-IP malware to stealthily steal data for years
bleepingcomputer.com