Google Cloud is trimming cybersecurity staff, including the Threat Intelligence Group and teams within Mandiant, with numbers undisclosed; the company says the cuts are to reinvest in growth areas like AI, reflecting a broader Big Tech trend of using AI investments to justify layoffs.
Security firm Mandiant reported a never-before-seen malware campaign that used Ars Technica and Vimeo to serve second-stage malware, employing obfuscation techniques to cover its tracks. The campaign, attributed to threat actor UNC4990, involved embedding malicious strings in benign content on the websites, which were automatically retrieved by devices infected with the first-stage malware. This novel approach, along with previous techniques used by UNC4990, demonstrates a sophisticated and evolving threat landscape in cybersecurity.
Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure to deploy custom malware for espionage since early December, targeting a small number of customers. The threat actor, UNC5221, uses a set of tools for post-compromise activities, including custom malware for webshell planting, command execution, and credential theft. The attackers used compromised Cyberoam VPN appliances as command and control servers and are suspected to be an advanced persistent threat (APT) targeting high-priority victims. While there is no attribution, system admins are advised to implement mitigations provided by Ivanti as there is currently no security update addressing the zero-days.
The ALPHV ransomware affiliate, UNC4466, has been observed exploiting three vulnerabilities in Veritas Backup Exec to gain initial access to target networks. The flaws, which were disclosed in March 2021, allow for arbitrary file access, remote unauthorized access, and arbitrary command execution. Despite a fix being released over two years ago, many endpoints remain vulnerable. UNC4466 uses publicly-available tools like Metasploit and SOCKS5 tunneling to communicate with the command and control server and evade detection. Mandiant provides guidance for defenders to detect and mitigate these attacks.