Rectifyq Cybersecurity News 🇲🇾
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
🔴- e.g. APT target 🇲🇾.
🟡- e.g. APT target Asian country.
🔵- e.g. Infostealers impact globally.
⚫- Good to know only.
📃Title: WebAssembly Malware Found in Trojanized Open VSX Extensions
📅Date: 2026-06-15
🔗References:
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1140', 'T1497.003', 'T1102', 'T1059.001', 'T1059.004', 'T1562.001', 'T1027', 'T1518.001', 'T1059.003', 'T1071.001', 'T1105', 'T1102.001']

MISP event uuid: 43eb70af-9f4f-4cb9-98c9-15bcea35e6a9
📃Title: Gamers beware: malicious wallpapers on Steam found stealing accounts
📅Date: 2026-06-16
🔗References:
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
• target-information="British Indian Ocean Territory"
• target-information="Canada"
• target-information="China"
• target-information="Germany"
• target-information="Hong Kong"
• target-information="India"
• target-information="Russia"
• target-information="Singapore"
mitre-attack-pattern=['T1543', 'T1539', 'T1547', 'T1564', 'T1071', 'T1140', 'T1562', 'T1555', 'T1055', 'T1560', 'T1608', 'T1204', 'T1574', 'T1078', 'T1027', 'T1573', 'T1496', 'T1485', 'T1518', 'T1105']

MISP event uuid: 51c79e71-685f-4c88-b907-1579de218020
📃Title: New APT-Q-27 sample spotted
📅Date: 2026-06-17
🔗References:
https://x.com/askardyuss/status/2066859258130665974

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
📃Title: Bluekit Phishing as a Service (PhaaS)
📅Date: 2026-06-16
🔗References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="CloudSEK"
mitre-attack-pattern=[]

MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94
📃Title: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
📅Date: 2026-06-17
🔗References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500
📃Title: ClickFix Campaign Generated Via AI Delivers SmartRAT
📅Date: 2026-06-17
🔗References:
https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zscaler"
• target-information="Brazil"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1543.003', 'T1082', 'T1071', 'T1106', 'T1005', 'T1140', 'T1036', 'T1055', 'T1185', 'T1112', 'T1059', 'T1497', 'T1059.001', 'T1566', 'T1027', 'T1070.004', 'T1518', 'T1569.002']

MISP event uuid: b8e89796-9b5f-440b-aa35-6426dd5ab953
📃Title: More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
📅Date: 2026-06-17
🔗References:
https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="China"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="South Korea"
• target-information="Sweden"
mitre-attack-pattern=['T1543', 'T1082', 'T1071', 'T1190', 'T1021', 'T1016', 'T1087', 'T1090', 'T1059', 'T1083', 'T1049', 'T1057', 'T1027', 'T1573', 'T1095', 'T1505', 'T1071.001', 'T1136', 'T1018', 'T1046']

MISP event uuid: 65db42c9-e25b-479e-95cf-d21fd34c73ae
📃Title: From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
📅Date: 2026-06-17
🔗References:
https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="8545fbf3-a246-4938-96a9-85a24651ebde"
• ransomware="inc ransom"
mitre-attack-pattern=['T1557', 'T1003', 'T1489', 'T1071', 'T1190', 'T1567', 'T1219', 'T1021.002', 'T1112', 'T1083', 'T1566', 'T1562.001', 'T1078', 'T1486', 'T1027.002', 'T1018', 'T1021.001', 'T1569.002', 'T1490']

MISP event uuid: 3b84c17c-e7c9-4b2f-89aa-2a39620d3f4c
📃Title: 140+ npm Packages Compromised in Coordinated Supply Chain Attack
📅Date: 2026-06-17
🔗References:
https://socket.dev/blog/mastra-npm-packages-compromised

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1132.001', 'T1059.007', 'T1543.003', 'T1497.001', 'T1082', 'T1005', 'T1140', 'T1185', 'T1555.003', 'T1083', 'T1057', 'T1041', 'T1547.001', 'T1027', 'T1195.002', 'T1543.001', 'T1070.004', 'T1071.001', 'T1543.002', 'T1547.013']

MISP event uuid: 79140557-e79d-42f1-ac42-9cfda99c9709
📃Title: Okendo Reviews Supply Chain Attack
📅Date: 2026-06-18
🔗References:
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1204.002', 'T1566.002', 'T1082', 'T1140', 'T1059', 'T1218.005', 'T1059.001', 'T1547.001', 'T1027', 'T1573', 'T1195.002', 'T1203', 'T1071.001', 'T1059.005', 'T1105', 'T1204.001']

MISP event uuid: 2bed1cd7-b7d1-4eb0-b03f-9499f23ccc05
📃Title: Operation Endgame vs. SocGholish Fake Updates
📅Date: 2026-06-18
🔗References:
https://www.infoblox.com/blog/threat-intelligence/hot-take-operation-endgame-vs-socgholish/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Infoblox"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1132.001', 'T1059.007', 'T1069', 'T1204.002', 'T1082', 'T1036', 'T1087', 'T1583.003', 'T1083', 'T1547.001', 'T1027', 'T1567.002', 'T1518.001', 'T1189', 'T1071.001', 'T1584.001']

MISP event uuid: 0cb847d3-4247-4df8-990c-25e60867a1ce
📃Title: Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation
📅Date: 2026-06-18
🔗References:
https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Proofpoint"
• target-information="United States"
• target-information="Australia"
• target-information="Canada"
• target-information="Germany"
• target-information="Netherlands"
• target-information="United Kingdom"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1059.007', 'T1547', 'T1204.002', 'T1566.002', 'T1140', 'T1190', 'T1219', 'T1036', 'T1090.002', 'T1041', 'T1059.001', 'T1562.001', 'T1078', 'T1027', 'T1486', 'T1203', 'T1189', 'T1071.001', 'T1105', 'T1564.001']

MISP event uuid: cbbb0cbd-c005-4ce4-b14e-402de47bd176
📃Title: May 2026 Infostealer Trend Report
📅Date: 2026-06-17
🔗References:
https://asec.ahnlab.com/en/94172/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="AhnLab"
• malpedia="Lumma Stealer"
• malpedia="Remus"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1539', 'T1082', 'T1005', 'T1140', 'T1555', 'T1036', 'T1083', 'T1204', 'T1057', 'T1041', 'T1071.002', 'T1547.001', 'T1566', 'T1059.004', 'T1027', 'T1203', 'T1071.001', 'T1574.002']

MISP event uuid: 5c39093d-4670-4614-8a23-63442c98e015
📃Title: Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
📅Date: 2026-06-17
🔗References:
https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Trend Micro"
• target-information="British Indian Ocean Territory"
• target-information="France"
• target-information="Hong Kong"
• target-information="India"
• target-information="Italy"
• target-information="Japan"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="Taiwan"
mitre-attack-pattern=['T1033', 'T1539', 'T1036.005', 'T1497.001', 'T1566.002', 'T1082', 'T1005', 'T1140', 'T1555', 'T1555.003', 'T1083', 'T1552.001', 'T1583.006', 'T1041', 'T1059.004', 'T1204.003', 'T1189', 'T1105', 'T1102.001']

MISP event uuid: f66d7792-44c8-4b5a-8f0e-7357bd8352cb
📃Title: GitBait: Phishing targeting the Mexican financial sector
📅Date: 2026-06-18
🔗References:
https://www.group-ib.com/blog/gitbait-phishing-mexico-banking-finance-es/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Group-IB"
• target-information="Mexico"
• sector="Bank"
mitre-attack-pattern=[]

MISP event uuid: 10458e7b-10eb-4cde-8201-cf2cab6aef88
📃Title: Twitter Feed - nextronresearch - 17-06-2026
📅Date: 2026-06-18
🔗References:
https://x.com/nextronresearch/status/2067230614424600844

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• TA-category="APT"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="India"
• threat-actor="SideCopy"
• threat-actor="Operation C-Major"
mitre-attack-pattern=['T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1140', 'T1036', 'T1112', 'T1059.001', 'T1547.001', 'T1027', 'T1027.002', 'T1071.001', 'T1105', 'T1204.001']

MISP event uuid: d76f1307-3376-49af-bc2c-bc11d8e6c5df
📃Title: Klue Integration Abused in Salesforce Data Theft | Threat Spotlight
📅Date: 2026-06-17
🔗References:
https://reliaquest.com/blog/threat-spotlight-integration-abused-in-crm-data-theft

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="ReliaQuest"
mitre-attack-pattern=['T1213.002', 'T1119', 'T1530', 'T1106', 'T1567', 'T1087', 'T1102', 'T1528', 'T1041', 'T1078', 'T1567.002', 'T1059.006', 'T1213', 'T1071.001', 'T1550.001']

MISP event uuid: eb6c5ce1-e012-43a3-abcd-737099a4de83