Secured integration to the future

CyberNews Digest - February 2024


29.02.2024

DirtyMoe Ransomware Infects More than 2,000 Ukrainian Computers
The Computer Emergency Response Team of Ukraine (CERT-UA) reports that more than 2,000 computers in the country have been infected with a strain of DirtyMoe malware.

DirtyMoe, active since 2016, is capable of cryptojacking and distributed denial of service (DDoS) attacks.

The DDoS botnet is delivered using another malware called Purple Fox or through fake MSI installation packages for popular programs such as Telegram. Purple Fox is also equipped with a rootkit, which allows attackers to hide malware on a computer and make it difficult to detect and remove.

Source: https://thehackernews.com/2024/02/dirtymoe-malware-infects-2000-ukrainian.html

MFA bypass methods for compromising accounts
In light of recent events, analysis of the mass phishing attacks showed that many of the mailboxes from which the malicious emails were sent had themselves been compromised. We have therefore prepared a brief guide to the MFA bypass methods attackers use to compromise accounts for further attacks.
● Adversary-in-the-middle (AITM) attack
● MFA prompt bombing
● Attacks on the support service
● Change the SIM card
MFA should not be relied upon solely - a strong password remains essential to your account security. This list of MFA bypass methods is incomplete, and there are many others, including compromising endpoints, exporting generated tokens, using SSO, and identifying unpatched technical vulnerabilities.
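As an added example that is not part of the digest, the following script shows how a defender can spot the MFA prompt bombing pattern from the list above in authentication logs: a burst of push notifications that the user denies or lets time out, followed by an approval. The log format, user names and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample push-notification log (hypothetical format, not from any real product).
SAMPLE_LOG = """\
2024-02-20T08:01:10Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-02-20T08:01:45Z user=alice event=mfa_push result=timeout src=203.0.113.7
2024-02-20T08:02:20Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-02-20T08:02:55Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-02-20T08:03:30Z user=alice event=mfa_push result=approved src=203.0.113.7
2024-02-20T09:15:00Z user=bob event=mfa_push result=approved src=198.51.100.4
2024-02-20T11:40:00Z user=bob event=mfa_push result=denied src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa_push result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log lines into (timestamp, user, result, source) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["result"], m["src"]))
    return events


def detect_prompt_bombing(events, window=timedelta(minutes=10), threshold=3):
    """Flag users with >= threshold unapproved pushes (denied/timeout) inside `window`.

    Returns {user: {"burst_start": ts, "approved_after": bool}}. approved_after is True
    when an approval follows the burst, i.e. the user may have given in to the prompts.
    """
    by_user = defaultdict(list)
    for ts, user, result, _src in sorted(events):
        by_user[user].append((ts, result))
    alerts = {}
    for user, evs in by_user.items():
        unapproved = [ts for ts, r in evs if r in ("denied", "timeout")]
        for i in range(len(unapproved)):
            j = i + threshold - 1
            if j < len(unapproved) and unapproved[j] - unapproved[i] <= window:
                approved_after = any(r == "approved" and ts > unapproved[j] for ts, r in evs)
                alerts[user] = {"burst_start": unapproved[i], "approved_after": approved_after}
                break
    return alerts
```

An alert with `approved_after` set is the case to treat as a probable compromise rather than user error.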

Source: 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

iOS Users Get Ready: GoldPickaxe Trojan Steals Biometric Data and Intercepts SMS
A group of cybercriminals known as GoldFactory has developed a new trojan called GoldPickaxe that attacks iOS and Android users. It steals biometric data and documents, intercepts SMS, and uses them to access victims' bank accounts.
GoldPickaxe poses as a government services app and forces users to create a facial recognition profile and take photos of their IDs. It also collects phone numbers to search for bank account information.
GoldPickaxe is the first iOS trojan known to the researchers that combines biometric and document collection, SMS interception, and proxying of traffic through victims' devices.

Source: https://www.helpnetsecurity.com/2024/02/15/goldpickaxe-ios-trojan/

New Wi-Fi Authentication Bypass Vulnerability Puts Corporate and Home Networks at Risk
Security researchers Mathy Vanhoef and Héloïse Gollier recently discovered several critical vulnerabilities in the Wi-Fi authentication protocols used in modern WPA2/3 networks.
The identified flaws pose a significant security risk, as they allow unauthorized access to confidential data transmitted over wireless networks and jeopardize the security of all connected devices.

Vulnerabilities exist in two widely used open-source Wi-Fi implementations - wpa_supplicant and Intel iNet Wireless Daemon (IWD).

Source: https://cybersecuritynews.com/new-wi-fi-authentication-bypass-flaw/

US Government Disrupts russian-Linked Botnet Engaged in Cyber Espionage
The U.S. government recently announced that it had disrupted a botnet linked to the russian GRU that included hundreds of routers for small and home offices.
The bots' activity consisted of massive phishing attacks and similar credential collection campaigns against targets of interest to the russian authorities, such as the US and other governments, military organizations, security organizations, and corporate organizations.

Members of the APT28 group located vulnerable, publicly reachable Ubiquiti routers by scanning the public Internet with a specific OpenSSH version number as the search parameter, and then used MooBot, a Mirai-based botnet, to gain persistent remote access to these routers.

The attackers needed a network of infected devices to make the routers act as proxies, transmitting malicious traffic while hiding their real IP addresses.

Source: https://thehackernews.com/2024/02/us-government-disrupts-russian-linked.html