Muddled Libra attacks target BPO sector

The Muddled Libra threat operation has launched sophisticated social engineering attacks against organizations in the business process outsourcing sector, according to The Hacker News. Muddled Libra carried out more than half a dozen attacks between June 2022 and early 2023, with intrusions characterized by the use of the 0ktapus phishing kit and smishing for initial access, as well as compromised infrastructure for downstream attacks, a report from Palo Alto Networks Unit 42 revealed. Aside from exploiting vulnerabilities in endpoint security solutions and using multi-factor authentication notification fatigue techniques to bypass detection and exfiltrate credentials, Muddled Libra has also been using Raccoon Stealer and Mimikatz to facilitate the theft of data from Microsoft 365, Confluence, Jira, Elastic, and other platforms. "At the intersection of devious social engineering and nimble technology adaptation stands Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses," said researchers.
