Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
We found evidence suggesting the threat actor is targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea.
We assess with high confidence that the SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that has been active for more than a decade. The assessment is based on the similarity of the command structure and the strings used in the code; the variant adds customized commands to facilitate the remote administration tasks directed by the C2 and uses a modified communication protocol.
Talos assesses with low confidence that a Chinese-speaking threat actor is operating this campaign based on the artifacts we found in the attack samples.
During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like. And time is not on your side.
Cobalt Strike is essentially a tool that is used for red teaming – an attack simulation that helps to closely simulate the processes of a real attack. The responsible departments within a company that has commissioned the simulation are informed and the use of the tool is authorized. However, since various versions of this tool have fallen into the hands of criminals, Cobalt Strike is also often used for real attacks by criminals.
European police have for the first time made an arrest after remotely checking Interpol’s trove of biometric data to identify a suspected smuggler.
The fugitive migrant, we’re told, gave a fake name and phony identification documents at a police check in Sarajevo, Bosnia and Herzegovina, while traveling toward Western Europe. And he probably would have got away with it, too, if it weren’t for you meddling kids Interpol’s Biometric Hub – a recently activated tool that uses French identity and biometrics vendor Idemia’s technology to match people’s biometric data against the multinational policing org’s global fingerprint and facial recognition databases.
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –
CVE-2023-42916 – An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content.
CVE-2023-42917 – A memory corruption bug that could result in arbitrary code execution when processing web content.