{"id":121,"date":"2022-08-18T21:24:55","date_gmt":"2022-08-18T21:24:55","guid":{"rendered":"https:\/\/gcsecurity.us\/?p=121"},"modified":"2023-01-27T19:57:53","modified_gmt":"2023-01-27T19:57:53","slug":"threat-intelligence-bulletin-weaponized-plcs-response-based-attacks-and-apt41","status":"publish","type":"post","link":"https:\/\/gcsecurity.us\/?p=121","title":{"rendered":"Threat Intelligence Bulletin &#8211; Weaponized PLCs, Response-based Attacks, and APT41"},"content":{"rendered":"\n<p>Researchers describe attack technique that weaponizes programmable logic controllers to gain entry to workstations and subsequently invade networks<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/08\/new-evil-plc-attack-weaponizes-plcs-to.html\">https:\/\/thehackernews.com\/2022\/08\/new-evil-plc-attack-weaponizes-plcs-to.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Open redirect flaws being used to bypass spam filters and harvest credentials<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/cyware.com\/news\/open-redirect-flaws-abused-in-logokit-campaigns-8d798447\">https:\/\/cyware.com\/news\/open-redirect-flaws-abused-in-logokit-campaigns-8d798447<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Chrome unvalidated input zero-day patched, being actively exploited<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/threatpost.com\/google-patches-chromes-fifth-zero-day-of-the-year\/180432\/\">https:\/\/threatpost.com\/google-patches-chromes-fifth-zero-day-of-the-year\/180432\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>41% of all email-based scams are response-based attacks in Q2 of this year<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a 
href=\"https:\/\/www.helpnetsecurity.com\/2022\/08\/17\/response-based-attacks-climbed\/\">https:\/\/www.helpnetsecurity.com\/2022\/08\/17\/response-based-attacks-climbed\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Several threat actors using DarkTortilla crypter to distribute info-stealers and RATs<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/darktortilla-sophisticated-malware-rat-infections\">https:\/\/www.darkreading.com\/vulnerabilities-threats\/darktortilla-sophisticated-malware-rat-infections<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Exploit for Realtek networking devices with RTL819x chip released online<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Bumblebee malware loader being increasingly used by threat actors<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/08\/hackers-using-bumblebee-loader-to.html\">https:\/\/thehackernews.com\/2022\/08\/hackers-using-bumblebee-loader-to.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Chinese threat actor APT41 (Wicked Spider) targeted at least 80 orgs last year, primarily hospitality and software development in the US and universities in the UK and Ireland. 
Sources also outline their TTPs, including how they hid their C2 beacons<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/08\/china-backed-apt41-hackers-targeted-13.html\">https:\/\/thehackernews.com\/2022\/08\/china-backed-apt41-hackers-targeted-13.html<\/a><\/li><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/winnti-hackers-split-cobalt-strike-into-154-pieces-to-evade-detection\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/winnti-hackers-split-cobalt-strike-into-154-pieces-to-evade-detection\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Lazarus group targeting Apple M1 chips using executables distributed through fake cryptocurrency job postings<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/endpoint\/mac-attack-north-korea-lazarus-apt-apple-m1-chip\">https:\/\/www.darkreading.com\/endpoint\/mac-attack-north-korea-lazarus-apt-apple-m1-chip<\/a><\/li><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers\/<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Researchers describe attack technique that weaponizes programmable logic controllers to gain entry to workstations and subsequently invade networks https:\/\/thehackernews.com\/2022\/08\/new-evil-plc-attack-weaponizes-plcs-to.html Open redirect flaws being used to bypass spam filters and harvest credentials https:\/\/cyware.com\/news\/open-redirect-flaws-abused-in-logokit-campaigns-8d798447 Chrome unvalidated input zero-day patched, being actively exploited https:\/\/threatpost.com\/google-patches-chromes-fifth-zero-day-of-the-year\/180432\/ 41% of all email-based scams are response-based attacks in Q2 of this year 
https:\/\/www.helpnetsecurity.com\/2022\/08\/17\/response-based-attacks-climbed\/ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15,14],"class_list":["post-121","post","type-post","status-publish","format-standard","hentry","category-news","tag-cybersecurity","tag-news"],"_links":{"self":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=121"}],"version-history":[{"count":1,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/121\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/121\/revisions\/122"}],"wp:attachment":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}