19 Feb 2025 Intelligence Summary

🔍 Threat Landscape Overview

Overall Severity: 🔵 Low

Key Trends:
• Increased exploitation of known vulnerabilities
• Emergence of sophisticated phishing techniques
• Growing use of malware disguised as legitimate applications

Most Targeted Sectors: Government, Healthcare, Education

Key Takeaways

🔴 Detect & Prevent SectopRAT Threats
Description:
Organisations should block network traffic to the identified C2 servers associated with the SectopRAT malware and audit installed browser extensions to eliminate risks from this obfuscated RAT. Longer term, consider moving to an allow list of extensions or an enterprise browser.

Rationale:
SectopRAT poses a significant risk by masquerading as a legitimate Chrome extension to steal sensitive data, highlighting the need for proactive measures against such threats.

Sources:
• https://cybersecuritynews.com/highly-obfuscated-net-sectoprat/

🔶 Defend Against Trojanised Game Installers
Description:
Implement strict controls on software installations, particularly from torrent sites, and educate users about the risks of downloading trojanised versions of popular games.

Rationale:
The StaryDobry campaign demonstrates how threat actors exploit popular games to distribute malware, which can lead to severe resource exploitation through cryptomining.

Sources:
• https://cybersecuritynews.com/threat-actors-trojanize-popular-versions-of-games/

🔵 Enhance Email Authentication Security
Description:
Organisations should educate employees on the dangers of phishing attacks that abuse device code authentication flows, particularly lures delivered through platforms such as Microsoft Teams and WhatsApp.

Rationale:
The Storm-2372 group’s phishing campaign highlights the evolving tactics used to bypass traditional authentication methods, necessitating enhanced security awareness and training.

Sources:
• https://www.tripwire.com/state-of-security/microsoft-teams-storm-2372-exploit-device-codes

🔶 Address OpenSSH Vulnerabilities
Description:
If you are running OpenSSH in the vulnerable configuration (VerifyHostKeyDNS enabled), upgrade OpenSSH to version 9.9p2 to mitigate the critical vulnerabilities that allow MitM and DoS attacks, and enforce strict host key verification.

Rationale:
The vulnerabilities in OpenSSH pose serious risks to data integrity and system availability if it’s being run with the vulnerable configuration.

Sources:
• https://cybersecuritynews.com/openssh-vulnerabilities-mitm-dos/
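An added audit helper for the item above (not from the source article or the OpenSSH project): it flags a client that is older than 9.9p2 while VerifyHostKeyDNS is set to anything other than "no", and reports StrictHostKeyChecking alongside. It assumes the `ssh -V` and `ssh -G` output formats of current OpenSSH; the sample strings used for offline checks are constructed.

```shell
#!/bin/sh
# Added audit helper (not from the source article or the OpenSSH project).
# Exposed state: client older than 9.9p2 with VerifyHostKeyDNS not "no".
# `ssh -V`, `ssh -G` and the lowercase keywords in `ssh -G` output are real
# OpenSSH behaviour; any sample strings fed to these functions are constructed.

# Parse `ssh -V` output such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL ...".
# Returns 0 if 9.9p2 or newer, 1 if older, 2 if the string is not recognised.
# Caveat: some distributions backport fixes without changing this version string.
openssh_version_ok() {
  ver=$(printf '%s\n' "$1" |
    sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p')
  [ -n "$ver" ] || return 2
  set -- $ver                       # $1=major $2=minor $3=patch
  if [ "$1" -ne 9 ]; then [ "$1" -gt 9 ]; return $?; fi
  if [ "$2" -ne 9 ]; then [ "$2" -gt 9 ]; return $?; fi
  [ "$3" -ge 2 ]
}

# Effective value of one option from `ssh -G <host>` output ("verifyhostkeydns no").
ssh_option() {
  printf '%s\n' "$1" | awk -v key="$2" 'tolower($1) == key { print $2; exit }'
}

# Arguments: <ssh -V line> <ssh -G dump>. Prints a one-line finding and returns 0
# when the client is exposed: unpatched (or unparsable) version AND VerifyHostKeyDNS
# not "no". StrictHostKeyChecking is reported because the advisory asks for it.
openssh_exposed() {
  dns=$(ssh_option "$2" verifyhostkeydns)
  strict=$(ssh_option "$2" stricthostkeychecking)
  if openssh_version_ok "$1"; then vstate=patched; else vstate=unpatched; fi
  echo "version=$vstate verifyhostkeydns=${dns:-unknown} stricthostkeychecking=${strict:-unknown}"
  [ "$vstate" = unpatched ] && [ -n "$dns" ] && [ "$dns" != no ]
}

# Live check of the local client: SSH_AUDIT_RUN=1 sh audit_openssh.sh
audit_local_openssh() {
  openssh_exposed "$(ssh -V 2>&1)" "$(ssh -G localhost 2>/dev/null)"
}
if [ -n "${SSH_AUDIT_RUN:-}" ] && command -v ssh >/dev/null 2>&1; then
  audit_local_openssh && echo "EXPOSED: upgrade to 9.9p2+ or set VerifyHostKeyDNS no"
fi
```

`ssh -G` evaluates Host and Match blocks without connecting, so the check reflects the configuration actually applied to that destination.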


Huntabil.IT is a leader in threat-informed defence, helping organisations stay ahead of cyber threats with expert-driven intelligence, proactive threat hunting, and tailored security advisory services.

© 2025 Huntabil.IT Technologies Pty Ltd
