Significant hacktivist attacks launched against Russia

Destructive cyberattacks built on publicly available tools have been launched by the Twelve hacktivist operation against Russia since its emergence in April 2023, according to The Hacker News.

After obtaining initial access through compromised local or domain accounts, Twelve uses Remote Desktop Protocol to move further into the target's infrastructure, and relies on other tools, including Cobalt Strike, Chisel, Mimikatz, Advanced IP Scanner, and PsExec, to steal credentials, map networks, and escalate privileges, a report from Kaspersky revealed. The group's attacks also involved the delivery of several webshells with arbitrary command execution, file transfer, and email distribution capabilities, as well as a number of PowerShell scripts that modify Access Control Lists and terminate Sophos security software processes. These preceded the deployment of a LockBit 3.0 ransomware variant and a Shamoon-like wiper, which terminated processes and overwrote file contents, respectively. Further analysis of the operation found similarities with the DARKSTAR ransomware gang, also known as Shadow or Comet. "...[W]hereas Twelve's actions are clearly hacktivist in nature, DARKSTAR sticks to the classic double extortion pattern. This variation of objectives within the syndicate underscores the complexity and diversity of modern cyber threats," researchers added.

Lumma Stealer deployed via fraudulent CAPTCHA pages

Attacks used sites hosted on Amazon S3 buckets and content delivery networks that spoof Google CAPTCHA pages and other verification sites. These pages carry instructions that lead the visitor to run a malicious PowerShell command, which downloads Lumma Stealer and proceeds with the exfiltration of sensitive device data.

New SambaSpy malware spread in phishing campaign

Attacks began with phishing emails carrying an HTML attachment or a malicious link, which triggered the deployment of the Java-based RAT. SambaSpy supports file system, process, and remote desktop management, as well as file uploads and downloads, keylogging, screenshot capture, and webcam takeover.

