WTB: Apple Removes Top Security Tool for Secretly Stealing Data

September 11, 2018 | Anomali Labs

The intelligence in this week’s iteration discusses the following threats: APT, Data theft, Banking trojan, Malicious applications, Phishing, Social engineering, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Additional information regarding the threats discussed in this week’s Community Threat Briefing can be found below:

Emissary Panda
EMISSARY PANDA is an adversary with a suspected nexus to the People’s Republic of China (PRC). This adversary frequently leverages strategic web compromises (SWC) as well as spear-phishing campaigns to infect targets. EMISSARY PANDA uses the well-known remote access tool (RAT) PlugX as well as a number of post-exploitation tools in operations. Based on the SWC sites chosen and the themes of spear-phishing emails, it appears that organizations in the government, diplomatic, defense, aerospace, and manufacturing sectors are of particular interest to this adversary.

Goblin Panda
CrowdStrike first observed GOBLIN PANDA activity in September 2013 when indicators of its activity were discovered on the network of a technology company operating in multiple sectors. Malware variants primarily used by this actor include PlugX and HttpTunnel. This actor focuses a significant amount of its targeting on entities in Southeast Asia, particularly Vietnam. Heavy activity was observed in the late spring and early summer of 2014 when tensions between China and other Southeast Asian nations were high due to conflict over territory in the South China Sea. GOBLIN PANDA targets have been primarily observed in the defense, energy, and government sectors. 