The 3CX supply chain attack was the result of previously undiscovered X-Trader supply chain attack
The 3CX CEO wasn't lying about an upstream vendor being the result of the compromise.
tl;dr supply chain attack to supply chain attack
More information: https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
The 3CX CEO wasn't lying about an upstream vendor being the result of the compromise.
tl;dr supply chain attack to supply chain attack
More information: https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Cloud Blog
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsibleβ¦
π±12π7β€2π2π―1
February 21st, 2023, ALPHV ransomware group informed their affiliates of a new 'product' update.
Their new ransomware variant is named Sphynx.
Their new ransomware variant is named Sphynx.
π14π«‘7π₯2β€1
We've updated the vx-underground malware sample collection. We have added new samples for the following families:
- Nanocore
- AsyncRAT
- NetwireRAT
- AgentTesla
- LokiBot
- Formbook
- CobaltStrike
- NjRat
- Chaos Ransomware
Check it out here: https://samples.vx-underground.org/samples/Families/
- Nanocore
- AsyncRAT
- NetwireRAT
- AgentTesla
- LokiBot
- Formbook
- CobaltStrike
- NjRat
- Chaos Ransomware
Check it out here: https://samples.vx-underground.org/samples/Families/
β€14π₯7π2
Today someone stole 3,600lbs (1632kg) of Gold from the Toronto Pearson Airport. It is valued at roughly $100,000,000.
The police currently have no suspects. Unrelated to malware of course, but such a ballsy heist is impressive.
More information:
https://www.cbc.ca/news/canada/toronto/gold-heist-pearson-airport-toronto-1.6817345
The police currently have no suspects. Unrelated to malware of course, but such a ballsy heist is impressive.
More information:
https://www.cbc.ca/news/canada/toronto/gold-heist-pearson-airport-toronto-1.6817345
CBC
$20M worth of gold, other items stolen in 'very rare' heist at Pearson Airport, police say | CBC News
Peel police are investigating the theft of a "high value container" with items worth an estimated $20 million from Toronto's Pearson Airport early Monday evening.
π«‘43π₯°18β€5π4π2π1π€©1π1
An unknown Threat Actor has compromised the European Union's web domain and is using it to distribute Fortnite V-Bucks scams...
They've also compromised 15 other high-profile websites. See full list in attached image below.
Information via g0njxa and Gi7w0rm
They've also compromised 15 other high-profile websites. See full list in attached image below.
Information via g0njxa and Gi7w0rm
π€£66π3β€2π2
Use Twitter image description feature as a C2.
See example in attached link: https://twitter.com/vxunderground/status/1649251062820249600
See example in attached link: https://twitter.com/vxunderground/status/1649251062820249600
X (formerly Twitter)
vx-underground (@vxunderground) on X
Use Twitter image description feature as a C2
π₯°13π―2π«‘2β€1
ALPHV ransomware group modus operandi has changed. The recent victim postings tone has changed significantly. They do not come across as calm and professional as ALPHV traditionally has.
Someone is new to their group and much more vocal.
Image 1. New ALPHV
Image 2. Old ALPHV
Someone is new to their group and much more vocal.
Image 1. New ALPHV
Image 2. Old ALPHV
π€£27β€5π₯4π3π±2
Symantec Threat Hunter Team discovered the X-Trader supply chain attack, which resulted in the 3CX supply chain attack, hit critical infrastructure - European and American electrical grid suppliers
More information: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
More information: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Security
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.
π±14π2π«‘2β€1π1
There is a direct correlation between hours of anime watched and reverse engineering skills.
The longer someone watches anime, the better they are at reverse engineering.
Scientists do not know why.
The longer someone watches anime, the better they are at reverse engineering.
Scientists do not know why.
π57π€£32π±17π«‘11π€―7β€5π₯3π3π―3π’2π€©2
Andy Greenberg's book "Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency" is an incredible book. It reads well. It allows a reader to understand the flaws in cryptocurrency and truly emphasizes the incredible research by people like Sarah Meiklejohn.
This isn't an advertisement for him - this book is genuinely an amazing read. Shoutout to Andy.
This isn't an advertisement for him - this book is genuinely an amazing read. Shoutout to Andy.
π―56β€14π9π₯7π3
We've updated the vx-underground malware sample collection. We have added new samples for the following families:
- AgentTesla
- AsyncRAT
- WhisperGate
- RagnarLocker
- YoungLotus
- Blackmoon
- Emotet
- Remcos
- Trickbot
Check it out here: https://samples.vx-underground.org/samples/Families/
- AgentTesla
- AsyncRAT
- WhisperGate
- RagnarLocker
- YoungLotus
- Blackmoon
- Emotet
- Remcos
- Trickbot
Check it out here: https://samples.vx-underground.org/samples/Families/
π₯16π5
We've updated the vx-underground malware source code collection. We've added Win32.SimpleWalletClipper.Xss.
Special thanks to BasssterLord/NationalHazardAgency for getting the source code for us.
Check it out here: https://github.com/vxunderground/MalwareSourceCode/tree/main/Win32/Stealers
Special thanks to BasssterLord/NationalHazardAgency for getting the source code for us.
Check it out here: https://github.com/vxunderground/MalwareSourceCode/tree/main/Win32/Stealers
β€βπ₯10β€4π1π₯1π1
We've updated the vx-underground malware collection.
- InTheWild.0067
We have added new samples for the following families:
- BlackCatRansomware
- FormBook
- AsyncRAT
- Amadey
- Danabot
- Emotet
- WhisperGate
- LokiBot
- Remcos
Check it out here: https://vx-underground.org/malware.html
- InTheWild.0067
We have added new samples for the following families:
- BlackCatRansomware
- FormBook
- AsyncRAT
- Amadey
- Danabot
- Emotet
- WhisperGate
- LokiBot
- Remcos
Check it out here: https://vx-underground.org/malware.html
π14β€βπ₯3