Mark Lechtik

@marklech.bsky.social

Senior TI Analyst @ MSTIC. Former Senior RE @ FLARE.

102 Followers  |  97 Following  |  2 Posts  |  Joined: 01.12.2024  |  1.407

Latest posts by marklech.bsky.social on Bluesky

One is the same as the other, plus IOCs.

14.12.2024 16:50 — 👍 1    🔁 0    💬 0    📌 0
Cleo MFT Mass Exploitation Payload Analysis | Binary Defense ARC Labs recently captured and analyzed the second and third stage payloads used during a Cleo MFT compromise.

BinaryDefense has published a technical analysis of the payload (Java webshell) dropped on hacked Cleo file transfer servers

www.binarydefense.com/resources/bl...

12.12.2024 10:30 — 👍 12    🔁 6    💬 0    📌 1

That smells like a Typhoon.

12.12.2024 23:55 — 👍 4    🔁 0    💬 1    📌 0

Developing story - attack against #BGP peers of a European telco. The malicious emails impersonated that same telco and included the ASN of each recipient in the subject line.
The emails contained a password-protected RAR attachment with the malicious payload.

12.12.2024 21:21 — 👍 5    🔁 3    💬 0    📌 0
Attack chain showing attacker generating link on Moonshine, then sending it through targeted application to the victim, which after clicking the links gets compromised and delivered the DarkNimbus backdoor

Validation flow that fingerprints the target by looking at user agent and delivering the proper exploit

multiple Chrome vulnerabilities exploited in the third-party applications

List of Android applications being targeted
Most are very popular in South East Asia

Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by @citizenlab.ca, leveraging vulnerabilities in applications embedding old versions of Chromium. trendmicro.com/en_us/resear...

05.12.2024 08:48 — 👍 12    🔁 7    💬 0    📌 2
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.

Read more here: www.volexity.com/blog/2024/11...

22.11.2024 14:58 — 👍 81    🔁 41    💬 2    📌 13

Bootkitty: Analyzing the first UEFI bootkit for Linux ESET's discovery of the first UEFI bootkit designed for Linux sends an important message: UEFI bootkits are no longer confined to Windows systems alone.

#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. www.welivesecurity.com/en/eset-rese... 🧡

27.11.2024 08:34 — 👍 29    🔁 17    💬 1    📌 1
