CYFIRMA Research

CYFIRMA

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Top 10 CYFIRMA Research Episodes

Goodpods has curated a list of the 10 best CYFIRMA Research episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to CYFIRMA Research for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite CYFIRMA Research episode by adding your comments to the episode page.

ARES is a new threat actor group identified by CYFIRMA Research. ARES is involved in selling corporate and government authority databases. CYFIRMA Research has observed cartel-like behaviour, affiliations with other threat actors, and connections with established hacking groups like RANSOMHOUSE ransomware group, KelvinSecurity, and Adrastea hacker group. ARES Leaks is potentially becoming an alternative to BreachedForum, intensifying its efforts to add more threat actors and leaks to its platform. The ARES group comprises expert penetration testers, malware developers, and other resources, offering not only data leaks but also Botnet and DDoS services. The OSINT search reveals that the group's admin is involved in selling Zero-day vulnerabilities, indicating that the group is leveraging such vulnerabilities to compromise systems. Overall, ARES Leaks' activities present a serious threat to organizations' cybersecurity.

https://www.cyfirma.com/

CYFIRMA’s research team has discovered a new Remote Access Trojan named Xeno-RAT, featuring sophisticated capabilities. Through comprehensive analysis, our report explores the various evasion techniques utilized by threat actors to circumvent detection, as well as elucidates the methods employed in creating robust malware payloads.
Xeno RAT, a potent malware written in C# with advanced capabilities, demonstrates an alarming trend as it continuously evolves to enhance its features. It exploits the DLL search order functionality in Windows to load malicious DLLs into trusted executable processes and employs process injection to inject malicious code into legitimate Windows processes. Employing a multi-stage infection process, it meticulously avoids detection by scrutinizing for debuggers, monitoring tools, and analysis software before executing its final stage. Equipped with anti-debugging techniques, it operates stealthily and ensures persistence by adding itself to scheduled tasks. Continuously monitoring compromised systems, it communicates with command-and-control servers for status updates and instructions at regular intervals. Extensive obfuscation techniques are utilized both within files/code and in network traffic to effectively evade detection.
To mitigate the risks associated with Xeno RAT malware, users are advised to exercise caution when accessing files from untrustworthy sources or clicking on unfamiliar links. Implementing robust cybersecurity measures, including reputable antivirus software, regular software updates, and awareness of social engineering tactics, is crucial in fortifying protection against such threats.
Link to the Research Report: Xeno RAT: A New Remote Access Trojan with Advance Capabilities - CYFIRMA
#Cyfirma #CyberSecurity #ThreatIntelligence #Xeno-RAT #InfoSec #MalwareAnalysis #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM #Malware

https://www.cyfirma.com/

Cyfirma’s latest report concerns a new malware, Nova, offered by the MaaS operator Sordeal, who have been actively distributing it since early 2023. This information stealer exhibits advanced capabilities, leveraging sophisticated techniques for anti-forensics and defense evasion.
Nova targets most of the commonly used browsers, exfiltrating autofills, bookmarks, payment cards, cookies, download lists, history and passwords. We have observed heightened activity by Sordeal since September 2023. Recent developments highlight alarming upcoming features, including Discord hijacking, credit card theft, and crypto wallet injection. Security measures should prioritize detection of similar evolving tactics to safeguard against such threats.
Link to the Research Report: Emerging MaaS Operator Sordeal Releases Nova Infostealer - CYFIRMA
#etlm #cyberintelligence #cybersecurity #infostealer #informationstealer #Cyfirmaresearch #malvertising #Malicord

https://www.cyfirma.com/

The geopolitical landscape in 2024 is at a critical juncture! As we begin the year, explore five key events that may shape the course of global affairs and have a profound effect on the cyber threat landscape through this Cyfirma blog, covering the key events below:

· World Goes to the Polls: Over four billion people in nearly 80 countries will participate in elections, with Taiwan's recent election raising tensions in the Taiwan Strait.

· Stalemate in Ukraine: The conflict between Russia and Ukraine remains in an attritional phase, with cyber warfare becoming a pivotal element in the ongoing struggle.

· Globalization Retreats: The fragility of the global trading system intensifies, driven by tensions over Chinese overproduction and investment, potentially leading to a resurgence of trade wars.

· China's Economic Crossroads: China faces challenges including over-indebtedness, demographic concerns, and global pushback against its economic strategies, with cyber espionage posing a significant threat.

· Middle East Suspended: Ongoing conflicts in the Middle East, especially the Israel-Hamas situation, raise concerns about cyber activities and potential wider hostilities involving Iran and its proxies.

The decisions made in the coming days and months will have profound consequences, shaping the course of history. Remain informed and engaged in understanding the evolving dynamics.

Link to the Research Report: LOOKING INTO THE CRYSTAL BALL : WHAT WILL 2024 BRING IN GEOPOLITICS - CYFIRMA

#Cyfirma #CyfirmaResearch #GlobalAffairs #Geopolitics2024 #Cyberfallout #IsraelGaza #Taiwan #RussiaUkraineWar #SupplyChain #China #Election #Trump #Biden

https://www.cyfirma.com/

CYFIRMA’s Research team embarked on a mission to uncover a targeted attack on Indian defense personnel via WhatsApp Messenger. Suspected to originate from Pakistan, the threat actor deployed malicious Android apps disguised as "MNS NH Contact" and "Posted out off," aiming to gain unauthorized access to sensitive information.
Our investigation revealed the use of sophisticated social engineering tactics, with malicious apps designed to exploit vulnerabilities and evade detection. Notably, the attacker employed a Spynote Android remote administration tool or possibly a modified version known as 'Craxs Rat', showcasing their advanced evasion tactics.
This incident serves as a stark reminder of the ongoing cyber conflicts between nations and underscores the importance of robust cybersecurity measures. Stay informed, stay vigilant.

Link to Research Report: New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware - CYFIRMA
#CyberSecurity #DigitalThreats #Geopolitics #maliciousAndroid #Indiandefense #socialengineering #espionage #cyberespionage #IndiaPakistan #threatintel #advancedpersistent #CYFIRMA #CyfirmaRsearch #ExteralThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

CYFIRMA Research - CYFIRMA Research - The End of Pax Americana

12/07/23 • 5 min

The world has witnessed an unprecedented surge in conflicts over the past two years, surpassing any period since the end of World War II. Amidst a fracturing world order and the waning Pax Americana, simmering tensions threaten to erupt suddenly, or at the very least, escalate into major crises with significant cyber repercussions.

Link to the Research Report: THE END OF PAX AMERICANA - CYFIRMA

#Geopolitics #Cyfirmaresearch #ThreatIntelligence #Cybersecurity #ETLM #CurrentAffairs #PaxAmericana

https://www.cyfirma.com/

CYFIRMA observed a new European threat actor group known as FusionCore. Running Malware-as-a-service, along with the hacker-for-hire operation, they have a wide variety of tools and services that are being offered on their website, making it a one-stop-shop for threat actors looking to purchase cost-effective yet customizable malware. The operators have started a ransomware affiliate program that equips the attackers with the ransomware and affiliate software to manage victims. FusionCore typically provides sellers with a detailed set of instructions for any service or product being sold, enabling individuals with minimal experience to carry out complex attacks.

https://www.cyfirma.com/

#Russia pulled out of the #BlackSeaGrainDeal this summer and started bombing Ukraine’s #grain export terminals with the goal of damaging the Ukrainian economy and the political cohesion of the #EU, after Ukrainian grain is forced towards EU #markets instead of its customers in #GlobalSouth.
We assess that Russia will also use #cybertools to go after #European #agriculturallogistics to keep pressure on the Western alliance supporting #Ukraine in its defence against Russia. Potential repercussions of this policy are enormous. Read the full report below!
Link to the Research Report: BLACK SEA GRAIN DEAL : A GEOPOLITICAL ETLM PERSPECTIVE - CYFIRMA
#Geopolitics #Cyfirmaresearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs

https://www.cyfirma.com/

India's Loksabha Elections 2024 hold immense significance, not only for the nation but also for the global democratic landscape. The scale and complexity of the electoral process make it susceptible to cyberattacks, especially with the proliferation of generative AI and deepfake technologies.
Link to the Research Report: The Indian Election : The Grandest Spectacle of Democracy under AI Threat - CYFIRMA
#Geopolitics #Cyfirmaresearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #GeneralElections #LokSabha #cyberattacks #generativeAI #deepfake

https://www.cyfirma.com/

Stay informed on the evolving cybersecurity landscape with CYFIRMA's February 2024 Monthly Ransomware Report. LockBit leads the charts despite a takedown by law enforcement, showcasing resilience and technical prowess. Manufacturing takes the hit, recording a 40% rise in attacks. The USA remains a prime target, followed by the UK, Canada, France, and Spain.

The evolution of ransomware tactics becomes apparent as LockBit aggressively returns, and RansomHouse introduces 'MrAgent' for automated attacks.

Emerging threats include Alpha's sophistication and the mysterious Blackout group.

February witnessed significant events: Knight ransomware's source code for sale, Hyundai Motor hit by Black Basta, and warnings on BlackCat's healthcare attacks. Arrests of SugarLocker members highlight the urgent need for enhanced cybersecurity measures. Stay protected, stay informed. Fortify your defenses against evolving cyber threats.
Link to the Research Report: TRACKING RANSOMWARE February 2024 - CYFIRMA
#Cybersecurity #RansomwareReport #SecurityInsights #CybersecurityInsights #ThreatLandscape #StaySecure #CyberSecurity #RansomwareReport #ThreatIntelligence #Ransomware #DigitalDefense #Cyfirma #ETLM #lockbit #RansomHouse #BlackBasta #Alpha #Blackout #Alphv #Blackcat #Knight #USA #Manufacturing #CyfirmaResearch #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

FAQ

How many episodes does CYFIRMA Research have?

CYFIRMA Research currently has 217 episodes available.

What topics does CYFIRMA Research cover?

The podcast is about News, Tech News, Podcasts and Cybersecurity.

What is the most popular episode on CYFIRMA Research?

The episode titled 'CYFIRMA Research - Episode 004:DoNot APT Targets Individuals in South Asia using Android Malware' is the most popular.

What is the average episode length on CYFIRMA Research?

The average episode length on CYFIRMA Research is 5 minutes.

How often are episodes of CYFIRMA Research released?

Episodes of CYFIRMA Research are typically released every 3 days.

When was the first episode of CYFIRMA Research?

The first episode of CYFIRMA Research was released on Apr 28, 2023.
