BattleRoyal Cluster Signals DarkGate Surge

Security researchers have warned about the DarkGate threat actor, which has recently gained notoriety in the realm of remote access Trojans and loaders.
Earlier today, Proofpoint confirmed it has been tracking a distinct operator of the DarkGate malware, temporarily named BattleRoyal, noting its use in at least 20 email campaigns from September to November 2023.
These campaigns were characterized by their diverse delivery methods, including emails, Microsoft Teams, Skype, malvertising and fake updates.
The BattleRoyal cluster demonstrated a significant focus on exploiting a specific vulnerability, CVE-2023-36025, which affects Windows SmartScreen, a security feature designed to thwart visits to malicious websites.
Notably, BattleRoyal exploited this vulnerability before it was publicly disclosed by Microsoft.
The modus operandi involved using various attack tools, such as 404 TDS, Keitaro TDS and URL files, with the latter exploiting the Windows vulnerability mentioned above.
Proofpoint identified multiple campaigns exploiting CVE-2023-36025, but BattleRoyal stood out for its frequency in leveraging this vulnerability.
The malware delivery mechanisms included email campaigns and a RogueRaticate fake browser update.
In a notable evolution, the BattleRoyal cluster transitioned from DarkGate to NetSupport, a well-established remote access tool, in late November to early December.
This change could be attributed to a rise in DarkGate's popularity or a strategic shift.
The campaigns exhibited a gradual evolution, employing two.
According to Proofpoint, the BattleRoyal cluster's use of multiple attack chains highlights a new trend among cybercriminals.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 21 Dec 2023 16:30:23 +0000

