ZeroFox Daily Intelligence Brief - July 27, 2023
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- AI Tool “FraudGPT” with Wide Offensive Capabilities Promoted by Threat Actors
- NATO Investigates Alleged Data Theft By Siegedsec Hackers
- Clop Lists 46 New Victims, Including Deloitte and Informatica
- Data broker / initial-access broker / hacktivist group: Cyber Cat and Anonymous Sudan
- Vulnerabilities: CVE-2023-33231 and CVE-2023-28021
- Exploits: CVE-2018-0840 and CVE-2016-9566
- Breaches: Credit Card Data Breach; BreachForums: PM Simplify Data Breach; Leakbase: ProInteracive Data Breach
AI Tool “FraudGPT” with Wide Offensive Capabilities Promoted by Threat Actors
Threat actors are promoting "FraudGPT," an AI tool built for offensive purposes, on dark web marketplaces and Telegram channels. The tool is advertised as enabling the crafting of spear-phishing emails, the creation of cracking tools and undetectable malware, the detection of leaks and vulnerabilities, and other offensive capabilities, for USD 200 per month, with additional plans for longer durations. The large language model (LLM) behind the system remains unknown.
NATO Investigates Alleged Data Theft By Siegedsec Hackers
NATO's IT team is investigating an alleged data-theft attack on its COI Cooperation Portal by hacking group SiegedSec. The portal facilitates unclassified information-sharing for NATO organizations and member nations. SiegedSec posted hundreds of allegedly stolen documents on Telegram, including sensitive information, user details, and more. The leak potentially impacts all 31 NATO member nations.
Clop Lists 46 New Victims, Including Deloitte and Informatica
ZeroFox Intelligence has observed that the Clop ransomware/extortion group has listed 46 new victims on its leak site. The list contains several prominent names, including multinational consultancy Deloitte, restaurant chain Chuck E. Cheese, nutrition-product company GNC, business-intelligence provider Informa, data-integration tool Informatica, professional services firm WSP, medical diagnostics firm Synlab, and healthcare brand Virgin Pulse. Clop’s MOVEit Transfer exploit has now claimed over 500 organizations, with millions of people’s data compromised.
THREAT ACTIVITY: INITIAL-ACCESS BROKERS, DATA BROKERS, AND HACKTIVISTS
- Cyber Cat: Claims to have breached UK Hydrographic Office; ransom demanded: 2 BTC
- Anonymous Sudan: Attacking government, education, and healthcare entities in Kenya
VULNERABILITIES
- CVE-2023-33231 - A cross-site scripting (XSS) attack was possible in DPA 2023.2 due to insufficient input validation.
- CVE-2023-28021 - The BigFix WebUI uses weak cipher suites.
EXPLOITS
- CVE-2018-0840 - Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass
- CVE-2016-9566 - Nagios Core < 4.2.0 Curl Command Injection / Code Execution
BREACHES
- BreachForums: PM Simplify Data Breach - (8,629 records) | Name, email address, and password
- Leakbase: ProInteracive Data Breach - (17,682 records) | Email address, gender, name, phone number, and physical address
Tags: DIB, tlp:green