Daily Cybersecurity Roundup, November 25, 2024

Espionage knows no borders, as Earth Estries demonstrated in its global campaign against telecom and government agencies. Armed with advanced tools, the Chinese APT group has been infiltrating networks across Asia-Pacific, the Middle East, South Africa, and the U.S. Meanwhile, Russian threat group APT28 introduced the Nearest Neighbor Attack, exploiting unprotected Wi-Fi networks in a novel approach to cyber espionage. Adding to the chaos, a phishing campaign weaponized Google Docs and Weebly sites to impersonate brands like AT&T, luring victims in the telecom and financial sectors into handing over sensitive information. Here are the top 10 highlights from the weekend.

01. Earth Estries, a Chinese APT group, has been actively targeting telecommunications and government agencies across the U.S., Asia-Pacific, Middle East, and South Africa. The group uses the new GHOSTSPIDER backdoor, along with SNAPPYBEE and MASOL RAT.

02. Russian APT GruesomeLarch (APT28) launched the Nearest Neighbor Attack by exploiting unprotected Wi-Fi networks and software vulnerabilities to target a Ukrainian organization.

03. The threat actor Mysterious Elephant has been using Asyncshell to target entities in South Asia. It employed Hajj-themed lures in a spear-phishing campaign to deliver a backdoor called ORPCBackdoor.

04. A high-severity vulnerability (CVE-2024-11477) has been found in 7-Zip: an integer underflow flaw that allows attackers to execute malicious code. Users are advised to update to version 24.07 or later.

05. A phishing campaign targeted the telecom and financial sectors, using Google Docs to bypass defenses and Weebly sites mimicking brands like AT&T to steal sensitive information via fake login pages.

06. Microsoft revealed that a North Korea-linked group called Sapphire Sleet has stolen over $10 million in cryptocurrency through social engineering schemes.

07. According to a report, five ransomware groups, including RansomHub and LockBit 3.0, were responsible for 40% of cyberattacks in Q3 2024. Ransomware attacks targeting VPN bugs and weak passwords accounted for nearly 30% of incidents.

08. QNAP issued a security advisory for its QuRouter network appliance, addressing the CVE-2024-48860 and CVE-2024-48861 vulnerabilities, which could allow remote attackers to execute arbitrary commands.

09. A critical-severity vulnerability, CVE-2024-9511, has been found in the FluentSMTP WordPress plugin, potentially allowing attackers to execute arbitrary code.

10. Researchers uncovered attacks on IaC and PaC tools such as Terraform and OPA, in which malicious Rego policies or DNS tunneling are used to exfiltrate data while bypassing security controls in cloud platforms.