Operation Digital Eye: Espionage campaign targets Visual Studio Code tunnels

Malware Developments


Chinese APT Targets Visual Studio Code Tunnels for Espionage Campaigns

A recently uncovered series of cyberattacks, suspected to be linked to a Chinese threat actor, has targeted IT service providers in Southern Europe. The campaign, dubbed Operation Digital Eye, involved advanced tactics and was observed from late June to mid-July 2024. The primary targets were organizations handling data, infrastructure, and cybersecurity for various industries, making them valuable for intelligence gathering. READ MORE.

Zloader Expands Capabilities with Advanced DNS Tunneling

Zloader, a modular Trojan based on leaked Zeus source code, has evolved significantly since its emergence in 2015. Initially designed for banking fraud, it has shifted toward enabling ransomware attacks by serving as an initial access broker. Its latest version, 2.9.4.0, introduces advanced anti-analysis measures, a custom DNS tunneling protocol for stealthy command-and-control (C&C) communications, and an interactive shell for hands-on keyboard activity, signaling an increased focus on evasion and operational resilience. READ MORE.

Highly Sophisticated PUMAKIT Rootkit Exploits Linux Kernel for Persistence

PUMAKIT is a highly sophisticated loadable kernel module (LKM) rootkit that demonstrates advanced stealth and persistence capabilities, posing a significant threat to Linux environments. This multi-stage malware employs a layered architecture comprising a dropper, memory-resident executables, an LKM rootkit, and a userland rootkit to avoid detection and maintain control. By hooking system calls and kernel functions, PUMAKIT enables privilege escalation, conceals its presence, and establishes covert communication with command-and-control (C&C) servers. Its ability to exploit Linux kernel mechanisms for stealth and control makes it a critical risk to organizational security. READ MORE.


Vulnerabilities and Exploitation Attempts


Ivanti Releases Critical Security Updates for Cloud Services Application

Ivanti has issued important security updates for its Cloud Services Application (CSA) to address three critical vulnerabilities. The company has assured users that there have been no reports of these vulnerabilities being exploited as of the advisory release. READ MORE.

Microsoft December Patch Tuesday Addresses 72 Vulnerabilities and Active Exploit

Microsoft has rolled out its final Patch Tuesday update for 2024, addressing a total of 72 security vulnerabilities across its software lineup. This update includes fixes for 17 critical, 54 important, and one moderate vulnerability. Among these, 31 flaws allow attackers to execute arbitrary code (Remote Code Execution or RCE vulnerabilities), while 27 vulnerabilities enable privilege escalation, granting attackers unauthorized access to higher-level permissions. READ MORE.


Gain deeper Cyber Threat Intelligence (CTI) insights!

CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.

Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.

LEARN MORE ABOUT OUR CTI SERVICES.
