Anomali Cyber Watch: APT, China, Data leak, Injectors, Packers, Phishing, Ransomware, Russia, and Ukraine

Anomali Cyber Watch: Winter Vivern Impersonates Poland’s Combating Cybercrime Webpage, Trojanized Telegram Steals Cryptocurrency Keys from Screenshots, SilkLoader Avoids East Asian ThreatBook Cloud Sandbox, and More.

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Data leak, Injectors, Packers, Phishing, Ransomware, Russia, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Winter Vivern | Uncovering a Wave of Global Espionage

(published: March 16, 2023)

Since December 2020, Winter Vivern has been engaging in cyberespionage campaigns aligned with Belarusian and Russian government objectives. Since January 2021, it has targeted government organizations in Lithuania, India, the Vatican, and Slovakia. From mid-2022 to December 2022, it targeted India and Ukraine: it impersonated the Indian government’s email service website and sent macro-enabled Excel documents to a project facilitating the surrender of Russian military personnel. In early 2023, Winter Vivern created fake pages for Poland’s Central Bureau for Combating Cybercrime, the Ukrainian Ministry of Foreign Affairs, and the Security Service of Ukraine. The group often relies on simple phishing for credentials. Other types of Winter Vivern activity include malicious Office documents with macros, a loader script mimicking a virus scanner, and the installation of the Aperetif backdoor. The group’s malicious infrastructure includes typosquatted domains and compromised WordPress websites.

Analyst Comment: Pay attention when a domain asks for your passwords; try to establish its authenticity and its owner.
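The analyst comment above is about telling a lookalike domain from the real one. The following is an added example, not code from Anomali or from the Winter Vivern report, of how a defender can automate that check over web proxy logs: it flags hosts whose registrable domain is a homoglyph or a small-edit-distance variant of a protected domain, and hosts that embed a protected domain name as a subdomain of something else. The protected domains, the log lines and the log format are all constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed list of domains the organisation treats as legitimate (placeholders, not real sites).
PROTECTED_DOMAINS = ["cybercrime-bureau.example", "foreign-ministry.example", "webmail.example"]

# Character sequences that look alike in common fonts; applied before comparison.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

# Constructed proxy log lines: timestamp, user, method, URL, status.
LOG_LINES = """\
2023-03-16T09:12:01Z alice GET https://webmail.example/login 200
2023-03-16T09:13:44Z bob GET https://cybercrirne-bureau.example/report 200
2023-03-16T09:15:09Z carol GET https://webmail.example.login-check.test/auth 200
2023-03-16T09:16:30Z dave GET https://news.unrelated-site.test/ 200
2023-03-16T09:17:02Z erin GET https://cybercrime-bureau.exanple/form 200
"""

URL_HOST = re.compile(r"https?://([^/\s]+)")


@dataclass
class Finding:
    host: str
    lookalike_of: str
    reason: str


def normalize(label: str) -> str:
    """Lower-case a label and collapse common homoglyph sequences."""
    s = label.lower()
    for seq, repl in HOMOGLYPHS.items():
        s = s.replace(seq, repl)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Simplified registrable domain: last two labels. A real deployment would
    use the Public Suffix List so that e.g. 'co.uk' is handled correctly."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def assess_domain(host: str, protected=PROTECTED_DOMAINS, max_distance: int = 2):
    """Return a Finding if host resembles a protected domain, else None."""
    host = host.lower().rstrip(".")
    # The protected domain itself, or one of its own subdomains, is fine.
    for good in protected:
        if host == good or host.endswith("." + good):
            return None
    reg = registrable(host)
    for good in protected:
        # e.g. webmail.example.login-check.test: the real name is a subdomain of an unrelated domain.
        if good in host and reg != good:
            return Finding(host, good, "protected name embedded in another domain")
        if normalize(reg) == normalize(good):
            return Finding(host, good, "homoglyph")
        dist = levenshtein(reg, good)
        if dist <= max_distance:
            return Finding(host, good, f"edit distance {dist}")
    return None


def scan_log(text: str = LOG_LINES) -> list:
    """Extract the host of every URL in the log and return the suspicious ones."""
    findings = []
    for line in text.splitlines():
        m = URL_HOST.search(line)
        if not m:
            continue
        f = assess_domain(m.group(1))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_log():
        print(f"{f.host}: looks like {f.lookalike_of} ({f.reason})")
```

Edit distance alone will also catch legitimate neighbours of short domain names, so tune `max_distance` per protected domain and review hits rather than block on them automatically; internationalised (`xn--`) hostnames should be decoded before comparison, which this example does not do.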
