Anomali Cyber Watch: TeamTNT Expand Its Cryptojacking Footprint, PuzzleMaker Attack with Chrome Zero-day, NoxPlayer Supply-Chain Attack Likely The Work of Gelsemium Hackers and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics:BackdoorDiplomacy, Gelsemium, Gootkit, Siloscape, TeamTNT, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

NoxPlayer Supply-Chain Attack is Likely The Work of Gelsemium Hackers

(published: June 14, 2021)

ESET researchers have discovered malicious activity dating back to at least 2014 attributed to the Gelsemium cyberespionage group. The group targets electronics manufacturers, governments, religious entities in multiple countries throughout East Asia and the Middle East. Gelsemium demonstrated sophistication in their infection chain with extensive configurations, multiple implants at each stage, and modifying settings on-the-fly for delivering the final payload. The dropper, called Gelsemine, will drop a loader called Gelsenicine that will deliver the final payload, called Gelsevirine.Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioural analysis defenses and social engineering training. Ensure that your company's firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Therefore, it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity. Furthermore, ensure that your employees are educated about the risks of opening attachments, particularly from unknown senders and any attachment that requests ..

Support the originator by clicking the read the rest link below.