Threat Intelligence Bulletin – Weaponized PLCs, Response-based Attacks, and APT41

Researchers describe an attack technique that weaponizes programmable logic controllers to gain entry to engineering workstations and subsequently move into the wider network

Open redirect flaws being used to bypass spam filters and harvest credentials

Chrome unvalidated-input zero-day patched; being actively exploited

41% of all email-based scams in Q2 of this year were response-based attacks

Several threat actors using the DarkTortilla crypter to distribute info-stealers and RATs

Exploit for Realtek networking devices with the RTL819x chip released online

Bumblebee malware loader being increasingly used by threat actors

Chinese threat actor APT41 (Wicked Spider) targeted at least 80 organizations last year, primarily hospitality and software development companies in the US and universities in the UK and Ireland. Sources also outline their TTPs, including how they hid their C2 beacons

Lazarus group targeting Apple M1 chips using executables distributed through fake cryptocurrency job postings