24th November, 2023
Kinsing Exploits Critical Apache ActiveMQ Vulnerability for Cryptocurrency Mining
The Kinsing threat group is actively exploiting a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ servers to compromise Linux systems. Once it has gained access, Kinsing deploys cryptocurrency mining scripts that use the host's resources to mine cryptocurrencies like Bitcoin, leading to infrastructure damage and degraded system performance. Known for targeting misconfigured containerized environments, Kinsing adapts quickly to exploit newly disclosed flaws, and its recent campaigns abuse this Apache ActiveMQ vulnerability. Organizations are urged to update affected Apache ActiveMQ versions promptly to mitigate potential risks. The campaign is part of Kinsing's broader strategy to compromise systems for cryptocurrency mining profits.
NetSupport RAT Exploits Surge, Targeting Education and Business Sectors
Threat actors are using the NetSupport RAT to target the education, government, and business services sectors through deceptive websites, fraudulent updates, drive-by downloads, and phishing campaigns. VMware Carbon Black detected 15 new infections related to NetSupport RAT in recent weeks. Originally a legitimate remote administration tool, NetSupport RAT has been exploited by malicious actors as a starting point for further attacks. The trojan is commonly delivered through deceptive websites and fake browser updates, enabling it to monitor behaviour, transfer files, manipulate settings, and spread within networks once installed on a victim's device.
Telekopye Telegram Turned Phishing Bot
Research has exposed a complex phishing operation leveraging the Telekopye Telegram bot. The operation, run by the Neanderthal criminal enterprise, has created a threat capable of crafting sophisticated phishing websites, emails, and SMS messages whilst posing as a legitimate company. Recruiting its members primarily through underground forums, Neanderthal has been able to gather enough manpower to execute orchestrated scams involving seller, buyer, or refund tactics, ranging from the sale of non-existent items all the way to real-estate scams. The group continues to expand its operations, creating fake apartment listings and refining its use of the bot.