Unit 42 researchers discovered a PlugX malware variant that stands out because it infects any attached removable USB media devices, such as floppy, thumb, or flash drives, and any additional systems the USB device is later plugged into.
As of December 2022, Unit 42 researchers observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks occurred after the start of August 2022. At the time of writing, the attack is still ongoing.
The broad usage of Active Directory has made Kerberos attacks the bread and butter of many threat actors. Because of their similarity to the well-known Golden Ticket attack, threat actors might also use these attacks in future campaigns.
Cloud breaches often stem from misconfigured storage services or exposed credentials. A growing trend of attacks specifically targets cloud compute services to steal associated credentials and illicitly gain access to cloud infrastructure.
The original version of Typhon Stealer was updated and released under the new name “Typhon Reborn.” This new version has more anti-analysis techniques, and it was modified to improve the stealer and file grabber features.