TA547, a threat actor famous for financially motivated malicious actions, has attacked dozens of German businesses using Rhadamanthys stealer in a phishing attack aimed at the exfiltration of sensitive data. Reports on the attack vector revealed that TA547 sends victims a compelling email containing the stealer. The email impersonates the German company Metro AG. It includes a password-protected ZIP file containing a ZIP archive that triggers the execution of a remote PowerShell script that launches Rhadamanthys stealer in memory. The attack mode was confirmed in a statement issued by Proofpoint, stating:
“This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors. Additionally, the actor appeared to use a PowerShell script that researchers suspect was generated by a large language model (LLM).”
Apple Spyware Alert System Gets Updated to Warn Victims of Mercenary Attacks
Apple has decided to go the extra mile to protect users by strengthening its mercenary spyware threat notification system, designed to raise awareness when a user is at risk. A statement by Apple about the development reads:
“Though deployed against a very small number of individuals—often journalists, activists, politicians, and diplomats—mercenary spyware attacks are ongoing and global.” The tech giant also claimed that the cost, sophistication, and worldwide nature of mercenary spyware attacks make them one of today’s advanced digital threats. Apple has also called out companies developing commercial surveillance tools actors use for individually targeted attacks.
FortiClientLinux Vulnerability gets Patched.
The vulnerabilities tracked CVE-2023-45590, with a CVSS score of 9.4 impacting FortiClientLinux version 7.0.3 through 7.0.4 and 7.0.6 through 7.0.10 and FortiClientLinux version 7.2.0 results from a dangerous NodeJs configuration. According to Fortinet:
“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.”
Users are advised to upgrade to FortiClientLinux version 7.0.11 or above and FortiClientLinux version 7.2.1 or above, respectively. The patches also addressed the issues with the FortiClientMac installer.
Darkvault ransomware group has launched an attack on multiple businesses. Some of the victims are listed below.
Zane Benefits: This company specializes in HRAs, Software, Personalized Benefits, Tax Savings, Peace of Mind, QSEHRA, and Reimbursement benefits. It has over 50 employees and a revenue of $10 million.
Agribazaar: Agribazaar is a company dedicated to empowering farmers in all possible ways. The company specializes in agriculture, Online Marketplace, Auctions, Marketplace, Rural e-commerce, Agri trading, AgriTech, Precision Agriculture, Warehousing, Procurement, E-Mandi, Agri-Finance, Agri-Insurance, and Collateral Management. Agribazaar has over 200 employees and a revenue of $5 million.
Wexer: This digital fitness company specializes in Group Fitness, Virtual Training, Group Exercise, Cycling, and Digital Fitness. It has over 50 employees and a revenue of $5 million.
