Subj : New Magnet Goblin cybercrime crew is targeting Windows and Linux To : All From : TechnologyDaily Date : Mon Mar 11 2024 15:15:04 New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware Date: Mon, 11 Mar 2024 15:07:28 +0000 Description: The group's location is not known at the time, and it's most likely not state-sponsored. FULL STORY ====================================================================== Cybersecurity researchers from Check Point haev discovered a new hacking collective deploying all-new malware on Windows and Linux devices. Check Point says the previously-unknown group, dubbed Magnet Goblin, was leveraging 1-day vulnerabilities - flaws for which a patch was only recently released. In some instances, the group was leveraging flaws just a day after someone releases a proof-of-concept (PoC). Some of the flaws Magnet Goblin was abusing includes those found in Ivanti Connect Secure (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense (CVE-2023-41265, CVE-2023-41266, CVE-2023-48365), and Magento (CVE-2022-24086). Securing the website The group used the flaws to deploy unique malware, for both Windows and Linux, such as NerbianRAT, MiniNerbian, and WARPWIRE. While NerbianRAT isnt exactly new, the researchers added that a Linux version only started circulating in mid-2022. Here is a full list of the malwares capabilities: Request more actions from the command & control server (C2) Execute a Linux command in a new thread Send command result and clean the file; stop any running commands Execute a Linux command immediately Do nothing Modify connection interval Adjust and save worktime settings Return idle timings, config, or command results Update a specific config variable Refresh command buffer for C2 execution commands As for MiniNerbian, as the name suggests, its a stripped-down version of NerbianRAT, capable of: Executing C2's commands and returning results Updating activity schedule (full day or specific hours) Updating configuration Magnet Goblin is described as a financially-motivated actor, meaning its not state-sponsored and its goals arent aligned with any nation-state. It mostly targets healthcare, manufacturing, and energy organizations in the US, Check Point says. Speaking to The Register , Sergey Shykevich, Check Points threat intelligence manager, said the researchers found fewer than 10 organizations in the US that fell victim to Magnet Goblin. But we assume the real number is much higher, he added. "We think it is an opportunistic cybercrime group that we currently can't affiliate to a specific geographical location or a known group," Shykevich added. "This group was able to utilize the Ivanti exploit extremely quickly, just one day after a POC for it was published." More from TechRadar Pro This WordPress plugin vulnerability has put millions of websites at risk Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/new-magnet-goblin-cybercrime-crew-is-ta rgeting-windows-and-linux-devices-with-all-new-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .