Update on Red Curl. TA406’s high 2021 optempo. Ephemeral payloads in a spearphishing campaign. Code-signing boot camp.

Attacks, Threats, and Vulnerabilities

Seeing Red (DomainTools) The DomainTools Research team came across a batch of malicious-looking PDFs dating back to July 30, 2021. While the PDFs themselves carried no malicious code, they linked to dozens of short-lived Glitch apps hosting a SharePoint-themed phishing page whose obfuscated JavaScript was designed to harvest credentials.
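The lure described above works because the PDF is clean on its own; the only indicator is a link annotation pointing at throwaway hosting. One practical triage step is to pull every /URI action out of the file and flag hosts on ephemeral app platforms. The block below is an added example for this briefing, not DomainTools' tooling; the sample PDF is constructed inline, the domain in it is made up, and the EPHEMERAL_HOSTS list is an assumption you would extend with your own intelligence.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a minimal uncompressed PDF whose only "payload" is two
# link annotations. The glitch.me hostname here is invented for the example.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link
   /A << /S /URI /URI (https://example-app-4f2a.glitch.me/sharepoint) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link
   /A << /S /URI /URI (https://www.example.com/legit) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Assumption: hosts where a phishing page can be stood up and torn down in minutes.
EPHEMERAL_HOSTS = ("glitch.me",)

# Matches a /URI action whose target is a PDF literal string "( ... )",
# allowing backslash-escaped characters inside the parentheses.
URI_RE = re.compile(rb"/URI\s*\((?P<uri>(?:\\.|[^\\)])*)\)")


def extract_uris(pdf_bytes):
    """Return every literal-string /URI target found in the raw PDF bytes.

    Caveat: this only sees uncompressed objects. A real triage run should first
    inflate object streams (PDF 1.5+ /ObjStm) with a PDF library, otherwise a
    compressed annotation will simply not be visible to the regex.
    """
    uris = []
    for m in URI_RE.finditer(pdf_bytes):
        raw = m.group("uri")
        # Undo the PDF escapes that matter inside a URL.
        s = raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
        uris.append(s.decode("latin-1"))
    return uris


def host_of(uri):
    return (urlsplit(uri).hostname or "").lower()


def is_ephemeral(uri):
    h = host_of(uri)
    # Exact match or a subdomain of a listed host; avoids matching "notglitch.me".
    return any(h == d or h.endswith("." + d) for d in EPHEMERAL_HOSTS)


def triage(pdf_bytes):
    """Links in the PDF that point at ephemeral hosting and deserve a closer look."""
    return [u for u in extract_uris(pdf_bytes) if is_ephemeral(u)]


if __name__ == "__main__":
    for u in extract_uris(SAMPLE_PDF):
        print(("FLAG " if is_ephemeral(u) else "     ") + u)
```

Because the phishing apps are short-lived, the URL itself is often dead by the time an analyst gets to it; the hostname pattern and the PDF's link structure are the durable artifacts, so record them at triage time rather than relying on a later fetch.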

Chinese Cyberespionage Bootcamps Training Recruits in the Art of Supply Chain Attacks for Over a Decade (Yahoo Finance) New report from Venafi shows Chinese threat actors targeting code signing certificates for use in software supply chain attacks

APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks (Venafi) Learn about the infamous APT41 group and why it abuses code signing keys and certificates as powerful weapons to steal and exploit data. Find out which industries it is targeting, the anatomy of its attacks, and who is really behind it.

Group-IB report: “RedCurl. The pentest you didn’t know about” (Group-IB) Research on the espionage APT group RedCurl and its elaborate attacks on enterprises in North America, Europe, and the CIS.

RedCurl hacking group returns with new attacks (The Record by Recorded Future) Even after its operations were publicly exposed in August 2020, the RedCurl hacking group has continued to carry out new intrusions and has breached at least four companies this year, according to a new report from security firm Group-IB.

Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities (The Hacker News)

Previously unreported North Korean espionage part of busy 2021 for country’s hackers (CyberScoop) A North Korean cyber espionage group known primarily for targeting think tanks, advocacy groups, journalists and others related to Pyongyang’s adversaries around the world has been quite prolific in 2021, according to email security firm Proofpoint.

State-sponsored North Korean hackers responsible for blitz of attacks in 2021 (The Record by Recorded Future) Suspected government-backed hackers from North Korea launched…