Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
@rectifyq
172 subscribers
2 files
1.92K links
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
πŸ”΄- e.g. APT target πŸ‡²πŸ‡Ύ.
🟑- e.g. APT target Asian country.
πŸ”΅- e.g. Infostealers impact globally.
⚫- Good to know only.
Download Telegram
About
Blog
Apps
Platform
Join
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
172 subscribers
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign
πŸ“…Date: 2026-05-20
πŸ”—References:
https://zimperium.com/blog/premium-deception-uncovering-a-global-android-carrier-billing-fraud-campaign

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΄ Highly Relevant
Category: βš” Threat
β€’ sub-category="campaign-analysis"
β€’ topic="mobile-attack"
β€’ target="broad-based"
β€’ mitre-att&ck="from-original-src"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="x"
β€’ action-taken="linkedin"

πŸ”–MISP Galaxies:
β€’ target-information="Croatia"
β€’ target-information="Malaysia"
β€’ target-information="Romania"
β€’ target-information="Thailand"
β€’ producer="Zimperium"
β€’ online-service="b0c71d51-34fd-47b5-9eb4-dd406ffc607f"
mitre-attack-pattern=['T1412', 'T1476', 'T1646', 'T1643', 'T1417', 'T1582', 'T1603', 'T1628.001', 'T1426', 'T1422', 'T1437.001']

MISP event uuid: 441a0a60-4abf-4afc-8318-eee24dbf5b68
Zimperium
Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign
true
16 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Tracking TamperedChef Clusters via Certificate and Code Reuse
πŸ“…Date: 2026-05-20
πŸ”—References:
https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Palo Alto"
β€’ malpedia="TamperedChef"
β€’ target-information="Israel"
β€’ target-information="United States"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1033', 'T1539', 'T1204.002', 'T1566.002', 'T1553.002', 'T1082', 'T1140', 'T1555.003', 'T1016', 'T1083', 'T1102', 'T1057', 'T1547.001', 'T1027', 'T1518.001', 'T1027.002', 'T1071.001', 'T1105', 'T1124']

MISP event uuid: 5bc9258d-74d3-4847-aa11-ec0c8b67e156
Unit 42
Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets.
6 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Volume Obfuscation Game: The Lead Data Brokers Out To Waste Your Time
πŸ“…Date: 2026-05-20
πŸ”—References:
https://www.group-ib.com/blog/lead-data-obfuscation-brokers/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Group-IB"
β€’ country="china"
β€’ online-service="b0c71d51-34fd-47b5-9eb4-dd406ffc607f"
mitre-attack-pattern=[]

MISP event uuid: a2f1ae5e-505c-4075-a3d6-991e1637c63c
Group-IB
Volume Obfuscation Game: The Lead Data Brokers Out To Waste Your Time
An increasing number of data brokers active in Chinese-speaking dark web forums and Telegram channels are advertising large volumes of purportedly stolen data from organizations worldwide. But are they credible?
8 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesia
πŸ“…Date: 2026-05-19
πŸ”—References:
https://www.group-ib.com/blog/indonesia-tax-impersonation-goldfactory-malware/

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ TA-category="Cybercrime"
β€’ target="broad-based"
β€’ topic="mobile-attack"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Group-IB"
β€’ target-information="Indonesia"
β€’ target-information="Peru"
β€’ target-information="Philippines"
β€’ target-information="South Africa"
β€’ target-information="Thailand"
β€’ malpedia="Gigabud"
β€’ sector="Bank"
β€’ sector="Finance"
β€’ sector="Government, Administration"
β€’ malpedia="GoldDigger"
β€’ malpedia="Remo"
β€’ threat-actor="GoldFactory"
mitre-attack-pattern=['T1414', 'T1646', 'T1541', 'T1417.002', 'T1516', 'T1417.001', 'T1660', 'T1513', 'T1426', 'T1437.001', 'T1626', 'T1417', 'T1418', 'T1422']

MISP event uuid: 88e3ed61-0d4d-462b-9c4c-2298d7d7b9c3
Group-IB
Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesia
It’s tax season in Indonesia and fraudsters are observed to be ramping up the fraud campaign involving fake Coretax apps, but behind it lies an industrialized MaaS infrastructure ready to strike anywhere.
5 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Popular node-ipc npm Package Infected with Credential Stealer
πŸ“…Date: 2026-05-14
πŸ”—References:
https://socket.dev/blog/node-ipc-package-compromised

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="supply-chain"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.002', 'T1078', 'T1136', 'T1098', 'T1071.004', 'T1048.003', 'T1041', 'T1567', 'T1005', 'T1552.001', 'T1552.004', 'T1087', 'T1082', 'T1083', 'T1119', 'T1074.001', 'T1560.001', 'T1027', 'T1027.002', 'T1059.007']

MISP event uuid: ba313d52-d178-491a-ab42-0a79bdd9755b
Socket
Popular node-ipc npm Package Infected with Credential Steale...
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.
6 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Inside a Tor Backed Supply Chain Worm
πŸ“…Date: 2026-05-14
πŸ”—References:
https://www.cloudsek.com/blog/inside-a-tor-backed-supply-chain-worm

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="supply-chain"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="CloudSEK"
mitre-attack-pattern=['T1195.002', 'T1554', 'T1543.002', 'T1027', 'T1078.004', 'T1078.001', 'T1087.001', 'T1552.001', 'T1552.006', 'T1563', 'T1098', 'T1036.005', 'T1090.003', 'T1071.001', 'T1059.006', 'T1548.001', 'T1496', 'T1005', 'T1041']

MISP event uuid: 76c07ddc-0f70-481e-9f63-c99aef0650b6
Cloudsek
Inside a Tor Backed Supply Chain Worm | CloudSEK
CloudSEK TRIAD uncovered a sophisticated npm supply chain attack using a typosquatted package, crypto-javascri, to mimic crypto-js. The malware steals npm and GitHub credentials, hijacks maintainer accounts, republishes trojanized packages, and uses Tor-based…
4 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: The Evolution of ClickFix: From Cleartext to Server Side Polymorphism
πŸ“…Date: 2026-05-14
πŸ”—References:
https://www.menlosecurity.com/blog/the-evolution-of-clickfix-from-cleartext-to-server-side-polymorphism

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ workflow="enrichment"
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"

πŸ”–MISP Galaxies:
β€’ malpedia="Vidar"
β€’ malpedia="DeerStealer"
mitre-attack-pattern=['T1204.001', 'T1566.002', 'T1059.001', 'T1027', 'T1140', 'T1071.001', 'T1105', 'T1055', 'T1112', 'T1497', 'T1070.004', 'T1082', 'T1555.003', 'T1555', 'T1539', 'T1005', 'T1041', 'T1027.002']

MISP event uuid: 6d14d444-58c0-45da-92e5-fca9cdcd7637
Menlosecurity
The Evolution of ClickFix: From Cleartext to Server Side Polymorphism - Blog | Menlo Security
Menlo has identified ~4,500 domains that belong to a Polymorphism campaign, demonstrating a massive infrastructure powering these evasive ClickFix attacks.
4 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Infostealer Campaign Using Trading App as Lure
πŸ“…Date: 2026-05-20
πŸ”—References:
https://hybrid-analysis.blogspot.com/2026/05/velvet-chollima-infostealer-campaign.html?m=1

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Hybrid Analysis"
mitre-attack-pattern=['T1566', 'T1204', 'T1036', 'T1553.002', 'T1547.001', 'T1053.005', 'T1059.001', 'T1027', 'T1105', 'T1082', 'T1012', 'T1518.001', 'T1056.001', 'T1555.003', 'T1567.001', 'T1071.001', 'T1132', 'T1497', 'T1497.001', 'T1614']

MISP event uuid: 08b137bc-104f-4dcc-a5ab-09ec9ce19b7b
6 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: APT Targets Azerbaijani Oil and Gas Industry
πŸ“…Date: 2026-05-13
πŸ”—References:
https://businessinsights.bitdefender.com/famoussparrow-apt-targets-azerbaijani-oil-gas-industry

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ sub-category="campaign-analysis"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Bitdefender"
β€’ target-information="Azerbaijan"
β€’ threat-actor="GhostEmperor"
β€’ country="china"
β€’ malpedia="SNAPPYBEE"
β€’ sector="Gas"
β€’ sector="Oil"
mitre-attack-pattern=['T1190', 'T1505.003', 'T1543.003', 'T1574.002', 'T1140', 'T1562', 'T1569.002', 'T1059.001', 'T1021.001', 'T1021.002', 'T1071.001', 'T1014']

MISP event uuid: 4513c651-0f6c-417a-8390-6a800dc28872
Bitdefender
FamousSparrow APT Targets Azerbaijani Oil and Gas Industry
Bitdefender Labs tracked APT activity targeting Azerbaijani oil and gas; the operation demonstrates notable technical and strategic characteristics.
8 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
πŸ“…Date: 2026-05-21
πŸ”—References:
https://hunt.io/blog/middle-east-malicious-infrastructure-report

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="infra-profile"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Hunt.io"
mitre-attack-pattern=['T1543', 'T1071.004', 'T1566.001', 'T1053', 'T1106', 'T1140', 'T1190', 'T1583.001', 'T1036', 'T1055', 'T1497', 'T1059.001', 'T1098', 'T1562.001', 'T1078', 'T1027', 'T1573', 'T1071.001', 'T1136', 'T1105', 'T1204.001']

MISP event uuid: c40393cf-c35a-4e9c-89f7-442e9743e034
hunt.io
Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
We mapped 1,350+ active C2 servers across 98 Middle East providers. Here's what the infrastructure data reveals about the region's threat landscape.
10 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: The Gentleman Ransomware | Defense Evasion TTPs Uncovered
πŸ“…Date: 2026-05-21
πŸ”—References:
https://www.huntress.com/blog/the-gentlemen-ransomware-defense-evasion-ttps

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ sub-category="intrusion-analysis"
β€’ TA-category="Ransomware"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Huntress"
β€’ ransomware="the gentlemen"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1133', 'T1548.002', 'T1036.005', 'T1082', 'T1112', 'T1070.001', 'T1083', 'T1057', 'T1059.001', 'T1562.001', 'T1078', 'T1027', 'T1486', 'T1071.001', 'T1018', 'T1105', 'T1021.001', 'T1090.001']

MISP event uuid: bf870fb8-ded6-4287-a5f5-d67eb365e5e6
Huntress
The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
Two recent incidents involving The Gentlemen ransomware show the use of defense evasion tactics, including logs being cleared and attempts to add antivirus exclusions.
11 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign
πŸ“…Date: 2026-05-21
πŸ”—References:
https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ sub-category="campaign-analysis"
β€’ topic="crypto-related"
β€’ TA-category="Cybercrime"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Trend Micro"
β€’ target-information="United States"
mitre-attack-pattern=[]

MISP event uuid: 955d2000-1779-4eef-85e8-245ce2a74d15
Trend Micro
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud β€˜Patriot Bait’ Campaign
A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences.
11 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: KerjaExpress Campaign - Android Banking Trojan Targeting Malaysian Financial Institutions
πŸ“…Date: 2026-05-23
πŸ”—References:

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΄ Highly Relevant
Category: βš” Threat
β€’ sub-category="campaign-analysis"
β€’ topic="mobile-attack"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ sector="Finance"
β€’ target-information="Malaysia"
mitre-attack-pattern=['T1476', 'T1437', 'T1406', 'T1660', 'T1453', 'T1636.002', 'T1412', 'T1512', 'T1429', 'T1417.001', 'T1430', 'T1657']

MISP event uuid: 375deb1c-52ff-499f-a96e-6229a2ed4673
8 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
πŸ“…Date: 2026-05-26
πŸ”—References:
https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ target="targeted"
β€’ samples-found-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Mandiant"
β€’ target-information="Japan"
mitre-attack-pattern=['T1036.005', 'T1204.002', 'T1566.002', 'T1222.001', 'T1082', 'T1106', 'T1190', 'T1070.006', 'T1505.003', 'T1087', 'T1083', 'T1057', 'T1059.001', 'T1547.001', 'T1027.005', 'T1068', 'T1027', 'T1573', 'T1059.003', 'T1071.001']

MISP event uuid: 7d11ee85-edb4-4c0d-8857-1c31a3bbf632
Google Cloud Blog
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability | Google Cloud Blog
12 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
πŸ“…Date: 2026-05-23
πŸ”—References:
https://socket.dev/blog/laravel-lang-compromise

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="supply-chain"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1552.005', 'T1555.001', 'T1573.001', 'T1555.005', 'T1552.002', 'T1082', 'T1140', 'T1555.003', 'T1552.004', 'T1078.001', 'T1083', 'T1552.001', 'T1552.006', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.004', 'T1552.007']

MISP event uuid: 9fd4e771-9d30-4b3d-bdc9-9f5c6fa70541
Socket
Laravel Lang Compromised with RCE Backdoor Across 700+ Versi...
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.
7 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
πŸ“…Date: 2026-05-22
πŸ”—References:
https://www.microsoft.com/en-us/security/blog/2026/05/22/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ topic="cloud"
β€’ target="targeted"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Microsoft"
mitre-attack-pattern=['T1557', 'T1222.002', 'T1021.004', 'T1071', 'T1005', 'T1190', 'T1083', 'T1059.004', 'T1187', 'T1078.002', 'T1059.006', 'T1505', 'T1105', 'T1043']

MISP event uuid: fd752467-0d11-47e9-a740-deaf9985264d
Microsoft News
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how…
9 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
πŸ“…Date: 2026-05-22
πŸ”—References:
https://research.checkpoint.com/2026/fast-and-furious-nimbus-manticore-operations-during-the-iranian-conflict/

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="geopolitical"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Check Point"
β€’ target-information="United States"
β€’ target-information="Australia"
β€’ target-information="Saudi Arabia"
β€’ target-information="Israel"
β€’ target-information="United Arab Emirates"
β€’ threat-actor="UNC1549"
β€’ country="iran"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1132.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1566.002', 'T1566.001', 'T1082', 'T1106', 'T1140', 'T1083', 'T1057', 'T1041', 'T1027', 'T1059.003', 'T1189', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 5795b1d1-efb3-404b-91f4-3cc22a56ccd9
Check Point Research
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict - Check Point Research
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities included targeting internet-connected cameras…
10 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
πŸ“…Date: 2026-05-22
πŸ”—References:
https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ topic="geopolitical"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Palo Alto"
β€’ target-information="United States"
β€’ target-information="Israel"
β€’ target-information="United Arab Emirates"
β€’ country="iran"
β€’ threat-actor="UNC1549"
mitre-attack-pattern=['T1053.005', 'T1036.005', 'T1204.002', 'T1566.001', 'T1082', 'T1106', 'T1140', 'T1055', 'T1218', 'T1083', 'T1036.004', 'T1057', 'T1041', 'T1547.001', 'T1562.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1574.002']

MISP event uuid: cbfd6ef2-719f-4544-af73-580b5f764c5c
Unit 42
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns.
11 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
πŸ“…Date: 2026-05-22
πŸ”—References:
https://securelist.com/cloud-atlas-2026/119895/

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Kaspersky"
β€’ target-information="Belarus"
β€’ target-information="Russia"
β€’ threat-actor="Inception Framework"
β€’ sector="Diplomacy"
β€’ sector="Government, Administration"
mitre-attack-pattern=['T1003.002', 'T1074.001', 'T1087.002', 'T1204.002', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1572', 'T1090', 'T1482', 'T1059.001', 'T1547.001', 'T1078', 'T1027', 'T1573', 'T1071.001', 'T1018', 'T1021.001', 'T1558.003']

MISP event uuid: 7f23650f-d187-4f77-8965-5a32f48fdd80
14 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: RemotePE: The Lazarus RAT that lives in memory
πŸ“…Date: 2026-05-25
πŸ”—References:
https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="malware-analysis"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ samples-found-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ threat-actor="Lazarus Group"
mitre-attack-pattern=['T1543.003', 'T1082', 'T1106', 'T1005', 'T1140', 'T1055', 'T1560', 'T1562.006', 'T1083', 'T1036.004', 'T1497', 'T1057', 'T1562.001', 'T1027', 'T1573', 'T1132', 'T1027.002', 'T1071.001', 'T1574.002', 'T1480.001']

MISP event uuid: 97638d90-a35a-4490-80dd-f2e3d548c42e
Fox-IT International blog
RemotePE: The Lazarus RAT that lives in memory
Authors: Yun Zheng Hu and Mick Koomen Summary Last year, we published research1 about a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations, encountered during multip…
17 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ pinned Β«πŸ“ƒTitle: Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign πŸ“…Date: 2026-05-20 πŸ”—References: https://zimperium.com/blog/premium-deception-uncovering-a-global-android-carrier-billing-fraud-campaign πŸ”–Rectifyq Taxonomies: Relevancy:…»