Threat Intelligence RoundUp: November

December 02, 2024

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel – The Hacker News

The advanced persistent threat (APT) WIRTE, believed to be associated with the Hamas-affiliated Gaza Cyber Gang, has expanded its cyber operations to target Israeli entities. The threat actor was previously engaged in espionage operations targeting the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt. Full article here.

2. Russian Espionage Group Targets Ukrainian Military with Malware via Telegram – The Hacker News

On October 28, Google’s Threat Intelligence Group released a report exposing a suspected hybrid Russian espionage and influence operation targeting the Ukrainian military. As highlighted in the report, the campaign—being tracked as “UNC5812”—utilizes a Telegram persona named “Civil Defense” to deliver malware to its targets. The Telegram account claims to be a “provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters.” In addition to delivering malware, UNC5812 is also carrying out an influence operation intended to undermine support for Ukraine’s mobilization efforts. Read more.

3. U.S. government employee charged in leak of Israel’s plans to attack Iran – CBS News

The U.S. Department of Justice (DOJ) has charged Asif W. Rahman—who was formerly employed by the Central Intelligence Agency (CIA)—for allegedly leaking highly classified U.S. intelligence documents regarding Israel’s plans for a retaliatory strike against Iran. Rahman was charged with “two counts of illegal transmission of national defense information.” Article here.

4. New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers – The Hacker News

Researchers have identified a new Android banking malware dubbed “ToxicPanda” that has already infected over 1,500 devices. Though initially believed to be associated with the TgToxic banking trojan family, analysts at Cleafy Threat Intelligence have identified “significant differences in the campaign’s code,” which has prompted the Cleafy team to track the new family as ToxicPanda. Read article.

5. Hacker gets 10 years in prison for extorting US healthcare provider – Bleeping Computer

In a November 13 press release, the U.S. Department of Justice (DOJ) announced that 45-year-old Robert Purbeck from Meridian, Idaho, was sentenced to 10 years in prison “for hacking into the computer servers of 19 victims across the United States.” Purbeck also stole the personally identifiable information (PII) of more than 132,00 individuals and was found to have engaged in multiple attempts of extortion. Full article here.

6. Redline, Meta infostealer malware operations seized by police – Bleeping Computer

On October 28, the international law enforcement task force “Operation Magnus” disrupted the RedLine and META infostealer operations. The task force consisted of the Dutch National Police as well as authorities from the U.S., U.K., Belgium, Portugal, and Australia. As highlighted in a press release from the European Union Agency for Criminal Justice Cooperation (Eurojust), RedLine and META had targeted “millions of victims worldwide,” making them two of the most prevalent infostealers in the world. Full article.

7. Phishing emails increasingly use SVG attachments to evade detection – Bleeping Computer

Cybersecurity researchers have observed threat actors using Scalable Vector Graphics (SVG) attachments in phishing emails to evade detection. The SVG image format uses XML-based code rather than pixels to create an image; this format allows the attachments to bypass email protections and thereby distribute malware. As highlighted by BleepingComputer, threat actors are able to create SVG attachments that “not only display images but also create phishing forms to steal credentials.” Read more.

8. Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps – The Hacker News

Researchers at FortiGuard Labs have identified instances of the advanced malicious framework “Winos 4.0” being hidden in gaming-related applications. These have included “installation tools, speed boosters, and optimization utilities.” Winos 4.0 was previously observed being used in the campaigns “Void Arachne” and “Silver Fox,” as documented by Trend Micro and the KnownSec 404 Team in June. Read article.

The DOJ has announced the indictment of two suspected hackers—Connor Riley Moucka and John Erin Binns—for hijacking Snowflake cloud storage accounts to steal data. As many as 165 Snowflake customers may have been impacted by the hackers’ operations. As noted in the indictment, Moucka and Binns used stolen access credentials to gain access to the victims’ Cloud Computing Instances and to download data. Read more.


Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.