SKYWATCH^SM ALERTS

Symantecs Threat Hunter Team recently observed the Syssphinx (aka FIN8) cyber-crime group deploying a variant of the Sardonic backdoor to deliver the Noberus ransomware.

Adversaries were found abusing Googles Firebase Hosting service to deliver the legitimate Sorillus remote administration tool.

A zero-day vulnerability (CVE-2023-36884) affecting Microsoft Windows and Office products is being exploited by attackers in the wild. To date, the exploit has been used in highly targeted attacks against organizations in the government and defense sectors in Europe and North America.

WhiteSnake Stealer was discovered in early 2022 and can collect data from browsers email clients messages apps and crypto wallets.

Maha Grass also known as Patchwork White Elephant Hangover Dropping Elephant etc. Qi Anxin internal tracking number APT-Q-36.