Pony, njRAT, Trickbot Still Rampant
This week Pony/Fareit is the most reported activity on TruSTAR, followed by njRAT and Trickbot. On July 15th a new variant of njRAT was found, which may account for part of the increased reporting of that activity. Also, recall from our previous reporting that Trickbot is part of several successful attack tool chains. Given recent reporting that it captured some 250 million email addresses in its phishing campaigns, expect it to stay among the most reported for some time to come.
U.S. Military Warns Against Increased Exploits
Last week the Department of Homeland Security issued a warning to U.S. businesses about cyber-activity from Iranian hackers. ZDNet published an excerpt: "The silent cyber-war between the two countries is expected to continue, and now, CISA leadership is warning U.S. businesses to take protective measures against the most common hacking techniques employed by known Iranian threat actors, such as Spear-phishing, Credential stuffing, Password spraying, Data wipers."
We interpret this warning as pointing to a potentially higher cost of compromise, since bad actors may increasingly be delivering wiping malware and looking to do greater damage. Forbes states that "...one of the fears expressed by analysts after the military cyber strike was that Iran might elect to increase its cyber activity in the broader non-governmental sector."
Be vigilant, folks.