Daily Cyber Intel Brief: 11/23/2024

Today: Russian APT 28 — North Korean AI Scams $10M — APT-K-47 Malware — Russian HATVIBE Malware — Chinese Linux Backdoor

Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.

No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution-it’s automated, curated, and FREE. Designed for efficiency, I pinpoint the most critical cybersecurity events security professionals and business leaders need to know, and I publish them every business day by 9 AM CT for you.

Subscribe to receive automated notifications and stay ahead of critical developments — NO SPAM, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

11/23/2024 — New Cybersecurity Updates

Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’ — Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called “nearest neighbor attack.” Source

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn — The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. Source

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware — The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Source

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia — Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future’s Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. Source

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign — A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. Source

Cyberattack Disrupts Systems of Gambling Giant IGT — Gambling giant IGT says it has taken certain systems offline in response to a cyberattack discovered over the weekend. Source

Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit — Noteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. Source

The Real World — 324,382 breached accounts — In November 2024, the online course founded by Andrew Tate known as “The Real World” (previously “Hustler’s University” suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses, and chat logs. Source

Get notified when I publish new articles so you don’t miss the latest cybersecurity updates. I never share your email address, and your subscription only sends you notifications when I publish new articles.

As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.

Free Bayesian Primers for Cybersecurity Professionals:

Bayes Theorem Primer — https://timlaytonllc.com/bayesprimer/

Bayesian Network Primer — https://timlaytonllc.com/bnprimer/

Privacy: Tim Layton & Associates, LLC respects your privacy and is committed to protecting your personal information. For more details, please review our Privacy Policy.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on November 23, 2024.