1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • New Magnet Goblin cybercrime crew is targeting Windows and Linux

    From TechnologyDaily@1337:1/100 to All on Mon Mar 11 15:15:04 2024
    New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware

    Date:
    Mon, 11 Mar 2024 15:07:28 +0000

    Description:
    The group's location is not known at the time, and it's most likely not state-sponsored.

    FULL STORY ======================================================================

    Cybersecurity researchers from Check Point haev discovered a new hacking collective deploying all-new malware on Windows and Linux devices.

    Check Point says the previously-unknown group, dubbed Magnet Goblin, was leveraging 1-day vulnerabilities - flaws for which a patch was only recently released. In some instances, the group was leveraging flaws just a day after someone releases a proof-of-concept (PoC).

    Some of the flaws Magnet Goblin was abusing includes those found in Ivanti Connect Secure (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense (CVE-2023-41265, CVE-2023-41266, CVE-2023-48365), and Magento (CVE-2022-24086). Securing the website

    The group used the flaws to deploy unique malware, for both Windows and
    Linux, such as NerbianRAT, MiniNerbian, and WARPWIRE. While NerbianRAT isnt exactly new, the researchers added that a Linux version only started circulating in mid-2022.

    Here is a full list of the malwares capabilities:

    Request more actions from the command & control server (C2)

    Execute a Linux command in a new thread

    Send command result and clean the file; stop any running commands

    Execute a Linux command immediately

    Do nothing

    Modify connection interval

    Adjust and save worktime settings

    Return idle timings, config, or command results

    Update a specific config variable

    Refresh command buffer for C2 execution commands

    As for MiniNerbian, as the name suggests, its a stripped-down version of NerbianRAT, capable of:

    Executing C2's commands and returning results

    Updating activity schedule (full day or specific hours)

    Updating configuration

    Magnet Goblin is described as a financially-motivated actor, meaning its not state-sponsored and its goals arent aligned with any nation-state. It mostly targets healthcare, manufacturing, and energy organizations in the US, Check Point says. Speaking to The Register , Sergey Shykevich, Check Points threat intelligence manager, said the researchers found fewer than 10 organizations in the US that fell victim to Magnet Goblin. But we assume the real number is much higher, he added.

    "We think it is an opportunistic cybercrime group that we currently can't affiliate to a specific geographical location or a known group," Shykevich added. "This group was able to utilize the Ivanti exploit extremely quickly, just one day after a POC for it was published." More from TechRadar Pro This WordPress plugin vulnerability has put millions of websites at risk Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-magnet-goblin-cybercrime-crew-is-ta rgeting-windows-and-linux-devices-with-all-new-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)