APT36 Vibeware Campaign: Pakistan’s Transparent Tribe Weaponizes AI to Mass-Produce Malware Targeting India

Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants, a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD).

AI-Powered Malware Industrialization

According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…


Pakistan’s APT36 Floods Indian Government Networks With AI-Generated ‘Vibeware’ Malware

A Pakistan-linked threat group is overwhelming Indian government networks with a new breed of disposable, AI-generated malware in a campaign that marks a concerning shift in the digital conflict between the two nations. According to research from Bitdefender, the threat actor APT36 (also known as Transparent Tribe) has shifted away from sophisticated, carefully crafted tools…


Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32 Carbanak (Anunak) Vulnerability: Named Pipe Null DACL Family: Carbanak Type: PE32 MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1 Vuln ID: MVID-2024-0667 Dropped files: AlhEXlUJ.exe, AlhEXlUJbVpfX1EMVw.bin Disclosure: 01/09/2024 Description: Carbanak malware creates 8 named pipes used for C2 and interprocess…


Financially motivated threat actors misusing App Installer

Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks. In response to this…


Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors

Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign presented to users in sponsored search engine results and social media posts, consistent with activity reported in From DarkGate to DanaBot. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and…


Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised host,…
