Cyber Threat Landscape: Uncovering New Campaigns and Legislative Efforts

The cybersecurity landscape is rapidly changing, with new threats developing and existing threats growing in intensity. In recent months, a rash of cyberattacks has focused the nation’s attention on the work of nefarious hackers, most notably those based in China. In parallel, governments are greatly increasing their legislative activity to counter the growing wave of cybercrime.

By Tina Reynolds

Linen Typhoon (also known as APT27) and Violet Typhoon (known as APT31) are examples of such groups, and they have engaged in a wide range of other malicious activity. At the same time, a suspected China-based threat actor tracked as Storm-2603 is exploiting vulnerabilities to deploy Warlock ransomware. Read on as the article unpacks these developments and what they mean for businesses and workers.

New Campaigns Targeting Crypto Users

In March 2024, a new criminal campaign called WEEVILPROXY began hitting cryptocurrency users. Using dynamic Facebook advertisement campaigns, it disguises itself as popular cryptocurrency-related software and platforms.

WEEVILPROXY uses social engineering to coerce users into downloading malicious installers. The installers eventually drop information stealers and cryptocurrency drainers onto the victims’ systems. This style of attack is a prime example of how cyber threats continue to evolve as attackers become more agile and advanced in their strategies.

“The attacks have been attributed to two known Chinese hacking groups tracked as Linen Typhoon (aka APT27), Violet Typhoon (aka APT31), and a suspected China-based threat actor codenamed Storm-2603 that has leveraged the access to deploy Warlock ransomware.” – The Hacker News

Further complicating the landscape is the recent return of Lumma Stealer operations. Law enforcement took down its infrastructure earlier this year, but Lumma Stealer has adapted. It relies on discreet delivery channels and low-profile evasion techniques to deliver its malicious payload.

These campaigns pose substantial dangers for regular crypto users. It is time to alert young people before they fall prey to the perils concealed behind the facade of seemingly innocuous ads.

Legislative Responses to Cybercrime

The U.K. government has announced its intention to introduce new legislation aimed at addressing increasing cyber threats. The initiative is intended to lessen the economic impact of ransomware attacks on public sector organizations and critical national infrastructure. The legislation would prevent these entities from paying the criminal operators who carry out the attacks.

The proposed measures would also mandate that all cyberattack victims report attacks, so that law enforcement has the most up-to-date information. Such initiatives underscore the urgent need for organizations to adopt proactive measures in response to the escalating threats they face.

“Recognizing it as a family-run mafia syndicate unblurs the lines between cybercrime and statecraft.” – Sue Gordon, a member of DTEX’s Advisory Board and former principal deputy director of U.S. National Intelligence

These legislative efforts, if enacted into law, would have major implications. They drive companies to take cybersecurity seriously and help establish a culture of accountability in our dynamic new digital world.

Emerging Threats: Coyote Trojan and Organized Crime

The Coyote Trojan, in particular, has emerged as a serious threat to Brazilian users. Notable is this Windows banking trojan's use of Windows UI Automation (UIA) to extract sensitive information.

Coyote Trojan can log keystrokes, take screenshots and overlay login pages for financial companies. All these capabilities combined turn it into a powerful weapon for adversaries wanting to scam individuals and organizations.

In an important development, Romanian and UK authorities have taken action against a well-structured criminal organization. This network ran some of the largest healthcare fraud schemes in Western European history. This operation is yet another important example of the power of concerted law enforcement collaboration to fight cybercrime.

Additionally, the U.K. government recently sanctioned three units of the Russian military intelligence agency (GRU) along with 18 military intelligence officers for conducting a sustained campaign of malicious cyber activity. These actions continue to show a sustained and long overdue realization that to combat cyber threats, we must all work together both nationally and internationally.

“Services are posted online with a price breakdown for each act of violence.” – The FBI

The growing tech-savvy capabilities of cybercriminals mean that everyone, especially businesses, must remain vigilant. As threats become more complex, a coordinated prevention and response strategy is needed.