Content
01. News Bites
- LockBit ransomware and Evil Corp members arrested and sanctioned in joint global effort
- Fake trading apps target victims globally via Apple App Store and Google Play
- Fake job applications deliver dangerous More_eggs malware to HR professionals
- Adobe Commerce and Magento stores under attack from CosmicSting exploit
- INTERPOL arrests 8 in major phishing and romance fraud crackdown in West Africa
02. Conclusion
LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort
Summary: A major international law enforcement operation, dubbed Operation Cronos, has led to the arrest of four individuals and the takedown of nine servers linked to the LockBit ransomware group. This includes a suspected developer in France, two individuals in the UK, and an administrator in Spain who provided hosting services. LockBit, a notorious ransomware group, has been responsible for numerous financially motivated cyberattacks.
Reference: https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play
Summary: A large-scale fraud campaign has been exploiting fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites, to deceive victims globally, according to cybersecurity firm Group-IB. This scam, part of the notorious "pig butchering" scheme, tricks victims into making fake cryptocurrency or financial investments, often under the guise of a romantic or advisory relationship.
Reference: https://thehackernews.com/2024/10/fake-trading-apps-target-victims.html
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores (hackread.com)
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
Summary: A recent spear-phishing email campaign has targeted recruiters using a JavaScript backdoor known as More_eggs. This malware, associated with the Golden Chickens group, enables attackers to extract sensitive credentials from compromised systems.
- This is a usual modus operandi for attackers: a high-profile attack begins with phishing emails as the initial attack phase.
- To protect against such attacks, focus on email security (using an email security solution and email authentication protocols) and run phishing-awareness training exercises for employees.
Reference: https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)
Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Summary: Recent reports reveal that approximately 5% of all Adobe Commerce and Magento stores have been compromised due to a critical security vulnerability known as CosmicSting (CVE-2024-34102), which has a CVSS score of 9.8. This vulnerability, linked to improper restrictions on XML external entity references (XXE), allows for remote code execution and was patched by Adobe in June 2024.
- Protecting against attacks of this kind requires a focus on vulnerability assessment and a risk management program.
Reference: https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
CosmicSting Exploit Targets Adobe Commerce and Magento Stores, Impacting 5% of All Stores - VULNER
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa
Summary: The cybercriminals posed as buyers on small advertising websites and used QR codes to direct victims to fraudulent websites that mimicked a legitimate payment platform. The main suspect behind the attacks confessed to the scheme and to making illicit financial gains of over $1.9 million.
Reference: INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.