Tag: hacking

How ‘Muddled Libra’ Cybercrime Group Exploits BPO Sector with Sophisticated Social Engineering Techniques

The BPO sector is currently under attack by a cybercrime group known as Muddled Libra, which employs sophisticated social engineering tactics to gain unauthorized access. These persistent attacks have raised concerns within the cybersecurity community.

Palo Alto Networks Unit 42, in a technical report, revealed that the emergence of the 0ktapus phishing kit in late 2022 introduced a new attack style associated with Muddled Libra. The kit provided a ready-made hosting framework and bundled templates, leading to its widespread adoption. The name “Libra” is used by the cybersecurity company to designate cybercrime groups, while the term “muddled” reflects the uncertainty surrounding the utilization of the 0ktapus framework.

The 0ktapus framework, also referred to as Scatter Swine, was initially discovered in August 2022 in connection with smishing attacks on numerous organizations, including Twilio and Cloudflare. CrowdStrike later disclosed a series of cyber assaults targeting telecom and BPO companies since June 2022. These attacks involved a combination of credential phishing and SIM swapping, and the cluster responsible for them is tracked under different names, such as Roasted 0ktapus, Scattered Spider, and UNC3944.

Kristopher Russo, a senior threat researcher, explained that Muddled Libra was named due to the perplexing landscape surrounding the 0ktapus phishing kit. He noted that while many threat actors have incorporated the kit into their arsenal, merely using it does not classify them as part of Muddled Libra, according to Unit 42’s classification.

The attacks initiated by this e-crime group employ smishing and the 0ktapus phishing kit to gain initial access. They typically culminate in data theft and the establishment of long-term persistence. Another notable characteristic is the group’s utilization of compromised infrastructure and stolen data to carry out subsequent attacks on the customers of their victims. In some instances, they even target the same victims repeatedly to replenish their dataset.

Unit 42, after investigating several Muddled Libra incidents from June 2022 to early 2023, described the group as relentless, methodical, and highly adaptable in their attack strategies. They swiftly adjust their tactics when faced with obstacles. Alongside using a variety of legitimate remote management tools to maintain persistent access, Muddled Libra tamper with endpoint security solutions to evade detection. They also exploit the fatigue caused by multi-factor authentication (MFA) notifications to steal credentials.

Furthermore, the threat actors have been observed gathering lists of employees, their job roles, and cellular phone numbers to execute smishing and prompt bombing attacks. If this approach fails, Muddled Libra actors resort to contacting the organization’s help desk, pretending to be the victims, in order to enroll a new MFA device under their control.

The researchers emphasized the notable success of Muddled Libra’s social engineering tactics. They have demonstrated a remarkable level of confidence when interacting with help desk personnel and other employees over the phone, successfully persuading them to engage in unsafe actions.

The attacks also involve the use of credential-stealing tools like Mimikatz and Raccoon Stealer to escalate privileges. Additionally, various scanners are employed for network discovery, enabling the extraction of data from platforms such as Confluence, Jira, Git, Elastic, Microsoft 365, and internal messaging systems.

Unit 42 speculated that the creators of the 0ktapus phishing kit do not possess the same advanced capabilities as Muddled Libra, and despite some similarities in their tradecraft, there is no definitive connection between the actor and UNC3944.

MyloBot: The Sophisticated Botnet Affecting Thousands of Systems Worldwide

BitSight, a cybersecurity company, has revealed that a sophisticated botnet called MyloBot has affected thousands of systems across the globe.

Most of the compromised systems are located in India, the United States, Indonesia, and Iran.

MyloBot

BitSight has also found that MyloBot’s infrastructure is linked to a residential proxy service named BHProxies, implying that the compromised machines are being used by the latter.

The botnet was initially observed in 2017 and was first documented in 2018. It is known for its anti-analysis methods and its ability to act as a downloader.

MyloBot has the potential to download any other type of malware that the attacker wants. It also waits for 14 days before attempting to contact the command-and-control (C2) server to avoid detection.

MyloBot receives instructions from C2 and transforms the infected computer into a proxy. The malware has been observed sending extortion emails from hacked endpoints as part of a financially motivated campaign.

MyloBot continues to evolve over time, and BitSight has been sinkholing the botnet since November 2018.

List of Ten Gadgets that can be useful for hackers

Raspberry Pi

Raspberry Pi

Raspberry Pi is a low-cost, compact computer that is popular among hackers and security professionals. It runs a variety of operating systems and can be used for tasks such as penetration testing, network security, forensic analysis, reverse engineering, automation, and IoT security. It features a quad-core processor, up to 8 GB of RAM, built-in Wi-Fi and Bluetooth, and several USB and Ethernet ports for connecting to other devices.

WiFi Pineapple

Pineapple Wi-Fi

The WiFi Pineapple is a versatile device in the world of ethical hacking and penetration testing. It acts as a wireless access point, but with a twist: it can mimic a legitimate one, allowing security professionals and ethical hackers to test the resilience of wireless networks and identify any vulnerabilities. The Pineapple can redirect network traffic, perform man-in-the-middle attacks, and gather valuable information about the target network and its users.

With its ability to impersonate a trusted access point, the WiFi Pineapple is a powerful tool in the arsenal of those committed to improving network security through ethical means.

Flipper Zero

Flipper Zero

Flipper Zero is a compact and portable device designed for technology enthusiasts and security professionals alike. It offers the ability to interact with digital systems and tackle various tasks, such as exploring radio protocols, accessing control systems, and debugging hardware.

Thanks to its open-source and customizable nature, users can extend its functionality to suit their needs. Flipper Zero has a playful personality, reminiscent of a cyber-dolphin, and its versatility allows it to grow and adapt as it is used.

Whether you’re a seasoned security professional or just starting out, Flipper Zero is the perfect tool for exploring and learning about digital systems. With its ability to interact with RFID and debug hardware using GPIO pins, this tiny piece of hardware has a big impact on the world of technology.

New USB Rubber Ducky

New USB Rubber Ducky

The new USB Rubber Ducky is a versatile tool that emulates human-like keystroke inputs to execute complex and sophisticated attack scenarios. Its ability to run tests based on the target machine’s operating system and execute specific actions on Windows or Mac systems makes it a flexible tool for attackers. Additionally, the support for the DuckyScript 3.0 programming language enables the creation of complex attack scenarios using functions, variables, and logic flow controls. It is important to be aware of its capabilities and take appropriate measures to protect systems from attack.

HakCat WiFi Nugget

HakCat WiFi

The HakCat WiFi Nugget is an open-source tool designed by Hak5 hosts Kody Kinzie and Alex Lynd to make learning about hacking fun and accessible. With its cute cat face and OLED screen, the device is approachable and invites users to get into Wi-Fi hacking. Pre-soldered and pre-flashed nuggets are available for purchase, but users can also build the device themselves using Gerber and BOM files from GitHub. The design is simple and requires a bit of soldering and 3D printing to complete. The firmware can be flashed using ESPTool in Chrome. The HakCat WiFi Nugget is a fun and inviting tool for those interested in learning about wireless security and hacking.

O.MG Cable

O.MG Cable

The O.MG Cable is designed for use by certified ethical hackers and red team members to emulate attack scenarios and test defense teams. The advanced features, such as keystroke and mouse injection, pre-installed payloads, and full-speed USB hardware keylogger, provide these security professionals with the tools they need to conduct thorough testing and training. With its various port options and advanced capabilities, the O.MG Cable is a valuable tool for certified ethical hackers and red team members to enhance their testing and training processes.

HackRF One

HackRF One

HackRF One is a Software Defined Radio (SDR) that allows users to receive, transmit, and manipulate radio signals. It operates in the frequency range of 1 MHz to 6 GHz, making it one of the most versatile SDRs on the market. The device was developed by Michael Ossmann and is manufactured by Great Scott Gadgets, a company based in Colorado, USA.

The HackRF One is a versatile and powerful tool for a wide range of applications. Its compact design, open-source hardware, and high sample rate make it a valuable tool for researchers, engineers, and hobbyists. However, its limited frequency range

Ubertooth one

Ubertooth one

The Ubertooth One is a powerful and versatile open source development platform for anyone interested in Bluetooth experimentation and hacking. It is based on the LPC175x ARM Cortex-M3 microcontroller with full-speed USB 2.0, providing a wide range of capabilities, including monitoring, scanning and packet sniffing of Bluetooth signals. The Ubertooth One can also be used to discover and pair devices, as well as reverse engineer wireless protocols. This makes it a great tool for penetration testers, security researchers, and hobbyists who want to explore and understand the inner workings of Bluetooth communications. The Ubertooth One is an invaluable tool for anyone interested in learning more about wireless technology and Bluetooth security.

ChameleonMini

Chame leonMini

Chame leonMini is an RFID emulation device created by ProxGrind that is capable of simulating multiple types of RFID tag formats. It is a powerful and portable NFC emulation and manipulation tool which can be used for practical NFC and RFID security analysis, compliance and penetration tests, as well as for reverse engineering and other tasks. ChameleonMini is able to emulate a wide range of common contactless cards, including ISO 14443A/B, ISO 15693, MIFARE Classic, and MIFARE DESFire.

Hardware Keylogger

USB Hardware Keylogger

A hardware keylogger is a device used to record keystrokes. It is attached to the computer, either internally or externally, and it starts its applications when it is powered on. The hardware keylogger records all of the keystrokes and stores them on a memory chip. Typically, hardware keyloggers are used by hackers to gain access to sensitive information, such as usernames, passwords, and financial information. Hardware keyloggers can also be used by employers to monitor employees’ computer usage, or by parents to monitor their children’s online activities.

Powered by WordPress & Theme by Anders Norén