"Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks"

"Evasive Panda," a China-linked threat actor, has been targeting Tibetan users with both watering hole and supply chain attacks since September 2023. The attacks deliver malicious downloaders for Windows and macOS that install a backdoor called "MgBot" and a previously undocumented Windows implant named "Nightdoor." According to ESET, the attackers compromised at least three websites to conduct watering hole attacks, as well as a Tibetan software company's supply chain.

Submitted by Gregory Rigby on

"Immediate AI Risks and Tomorrow's Dangers"

According to Mackenzie Jackson, a developer and security advocate at GitGuardian, Artificial Intelligence (AI) has increasingly empowered attackers. Phishing, SMS phishing (smishing), and voice phishing (vishing) attacks have grown in impact since the launch of ChatGPT in November 2022. Malicious Large Language Models (LLMs), such as FraudGPT, WormGPT, DarkBARD, and White Rabbit, let threat actors write malicious code, generate phishing messages, identify vulnerabilities, and build hacking tools.

Submitted by Gregory Rigby on

"The Weirdest Trend in Cybersecurity: Nation-States Returning to USBs"

Nation-state cyber threat groups are again turning to USB drives to infiltrate government organizations and critical infrastructure facilities. USB drives remain an effective way for well-resourced threat actors to get past the network perimeter of sensitive organizations, because the malware arrives on physical media rather than over a monitored network connection. According to Maya Horowitz, vice president of research at Check Point, USB drives were the primary infection vector for at least three major threat groups in 2023. This article continues to discuss nation-states returning to USB drives to compromise highly guarded government organizations and critical infrastructure facilities.

Submitted by Gregory Rigby on

"Malicious Email Campaign Steals NTLM Hashes"

TA577, also known in the security industry as Hive0118, has targeted organizations with rogue email attachments that, when opened, leak Microsoft Windows NT LAN Manager (NTLM) authentication material to attacker-controlled servers. Researchers warn that the group's recent campaigns involved thousands of email messages sent to hundreds of entities. NTLM is a legacy challenge-response authentication protocol that Windows hosts still fall back to when Kerberos is not available, for example when connecting to a server outside the domain; a captured NTLMv2 challenge-response can be cracked offline or relayed to other services that accept NTLM. This article continues to discuss the malicious email campaign that steals NTLM authentication information.

Submitted by Gregory Rigby on
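Whatever the lure, an NTLM-theft attachment works by making the victim's machine authenticate outbound to a server the attacker controls, which gives defenders a network-side signal. The script below is an added example (not code from the article, from Proofpoint, or from any vendor tool) that scans two constructed log formats for that signal: a firewall log for outbound SMB/NetBIOS connections to addresses outside the organisation, and a web-proxy log for HTTP NTLM AUTHENTICATE messages sent to external hosts. The internal address ranges, the log formats, and the sample lines are assumptions; the NTLMSSP header layout it checks is the real one.

```python
"""Flag outbound NTLM authentication to hosts outside the organisation.

Added example; not from the article, Proofpoint/IBM or any vendor tool.
Two constructed log formats are scanned:
  firewall: "<ts> <src_ip> <dst_ip> <dst_port> <proto>"
  proxy:    "<ts> <src_ip> <dst_ip> <dst_host> <auth_scheme> <auth_token>"
"""
import base64
import ipaddress

# Organisation-defined internal ranges (assumption: adjust to your network).
# Listed explicitly rather than via ip.is_private, which would also treat the
# documentation ranges used below as stand-ins for public IPs as "private".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
SMB_PORTS = {445, 139}   # SMB / NetBIOS session: the usual NTLM leak channel


def is_external(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def ntlm_message_type(token):
    """Return the NTLMSSP message type (1, 2 or 3) of a base64 token, else None.

    Every NTLM message starts with the signature "NTLMSSP\\0" followed by a
    little-endian uint32 type; type 3 (AUTHENTICATE) carries the NTLMv2
    challenge-response that can be cracked offline or relayed.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return int.from_bytes(raw[8:12], "little")


def scan_firewall(lines):
    """Outbound SMB/NetBIOS connections to external hosts: (ts, src, dst, port)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, src, dst, dport, proto = parts[:5]
        if proto == "tcp" and int(dport) in SMB_PORTS and is_external(dst):
            hits.append((ts, src, dst, int(dport)))
    return hits


def scan_proxy(lines):
    """HTTP NTLM AUTHENTICATE messages sent to external hosts (WebDAV-style leak)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue
        ts, src, dst_ip, host, scheme, token = parts[:6]
        if scheme.upper() == "NTLM" and is_external(dst_ip) \
                and ntlm_message_type(token) == 3:
            hits.append((ts, src, host))
    return hits


def _ntlm_token(msg_type):
    """Build a minimal NTLMSSP header of the given type (constructed test data)."""
    return base64.b64encode(b"NTLMSSP\x00" + msg_type.to_bytes(4, "little")
                            + b"\x00" * 16).decode()


# Constructed sample logs; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation ranges standing in for attacker-controlled public hosts.
SAMPLE_FIREWALL = [
    "2024-03-05T10:02:11Z 10.10.4.23 10.10.1.5 445 tcp",        # internal file server
    "2024-03-05T10:02:15Z 10.10.4.23 203.0.113.77 445 tcp",     # SMB to the internet
    "2024-03-05T10:02:16Z 10.10.4.23 198.51.100.9 443 tcp",     # ordinary HTTPS
    "2024-03-05T10:03:40Z 10.10.7.8 192.0.2.44 139 tcp",        # NetBIOS to the internet
]
SAMPLE_PROXY = [
    f"2024-03-05T10:02:17Z 10.10.4.23 203.0.113.77 files.example.net NTLM {_ntlm_token(1)}",
    f"2024-03-05T10:02:18Z 10.10.4.23 203.0.113.77 files.example.net NTLM {_ntlm_token(3)}",
    f"2024-03-05T10:05:00Z 10.10.9.2 10.10.1.20 intranet.corp.example NTLM {_ntlm_token(3)}",
    "2024-03-05T10:06:00Z 10.10.9.2 198.51.100.9 www.example.com - -",
]


def report(firewall=SAMPLE_FIREWALL, proxy=SAMPLE_PROXY):
    return {"smb_external": scan_firewall(firewall),
            "ntlm_http_external": scan_proxy(proxy)}


if __name__ == "__main__":
    for kind, hits in report().items():
        for hit in hits:
            print(kind, *hit)
```

On the sample data the firewall scan flags the two SMB/NetBIOS connections to public addresses and the proxy scan flags only the type 3 message to the external host; the type 1 negotiate message and the internal intranet login are ignored. Detection is the fallback: the preventive controls are blocking outbound TCP/445 and TCP/139 at the perimeter and setting the Windows policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to deny, so the host never answers an external challenge in the first place.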

"New Fakext Malware Targets Latin American Banks"

In November 2023, security researchers at IBM Security Trusteer discovered malware called "Fakext," which uses a malicious Edge extension to execute man-in-the-browser and web-injection attacks. Since early November 2023, researchers have seen over 35,000 infected sessions, most of which are in Latin America (LATAM), with a smaller number in Europe and North America. The large number of infected sessions suggests a highly successful and widespread campaign. Fakext injects content onto the screen, including error messages, user forms, and notifications.

Submitted by Gregory Rigby on

"Hackers Target Docker, Hadoop, Redis, Confluence With New Golang Malware"

Misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis are the target of new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign exploit misconfigurations and an old Atlassian Confluence vulnerability to execute code on the system. Cado Security researchers discovered the campaign and examined the attack payloads, bash scripts, and Golang ELF binaries.

Submitted by Gregory Rigby on
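The misconfigurations that this kind of automated tooling hunts for are a small, well-known set: a Redis instance reachable without authentication, a Docker daemon API listening on TCP without TLS client verification, and a Hadoop cluster running with "simple" authentication so its YARN ResourceManager accepts application submissions from anyone who can reach it. The audit script below is an added example (not code from the article or from Cado Security) that checks each of those settings in a redis.conf, a daemon.json and a core-site.xml, with a constructed weak and hardened fragment for each. The fragments and the placeholder password are assumptions; the directive and property names are the real ones.

```python
"""Audit Redis, Docker daemon and Hadoop configuration for the exposures that
automated cloud-compromise tooling scans for.

Added example; not from the article or from Cado Security. The configuration
fragments are constructed; the key names and defaults are the real ones for
redis.conf, Docker's daemon.json and Hadoop's core-site.xml.
"""
import json
import xml.etree.ElementTree as ET

ANY_INTERFACE = {"0.0.0.0", "*", "::"}


def audit_redis(conf_text):
    """Findings for a redis.conf; unset keys take Redis' built-in defaults."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, []).append(value.strip())
    findings = []
    # With no "bind" directive Redis listens on every interface.
    bind_tokens = [t.lstrip("-") for t in " ".join(settings.get("bind", ["0.0.0.0"])).split()]
    if any(t in ANY_INTERFACE for t in bind_tokens):
        findings.append("redis: bound to all interfaces")
    if settings.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("redis: protected-mode disabled")
    if "requirepass" not in settings and "user" not in settings:
        findings.append("redis: no authentication (no requirepass or ACL users)")
    return findings


def audit_docker(daemon_json_text):
    """Findings for daemon.json: a TCP API socket must require TLS client certs."""
    cfg = json.loads(daemon_json_text)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp_hosts and not cfg.get("tlsverify", False):
        return [f"docker: API exposed on {', '.join(tcp_hosts)} without tlsverify"]
    return []


def audit_hadoop(core_site_xml):
    """Findings for core-site.xml: anything but Kerberos leaves YARN unauthenticated."""
    root = ET.fromstring(core_site_xml)
    props = {p.findtext("name"): (p.findtext("value") or "").strip()
             for p in root.iter("property")}
    if props.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        return ["hadoop: hadoop.security.authentication is not kerberos, so anyone "
                "who can reach the ResourceManager REST API can submit applications"]
    return []


# Constructed weak / hardened pairs (the password is a placeholder, not a suggestion).
WEAK_REDIS = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_REDIS = ("bind 127.0.0.1 -::1\nprotected-mode yes\n"
                  "requirepass REPLACE-WITH-A-LONG-RANDOM-SECRET\n"
                  'rename-command CONFIG ""\n')
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"})
WEAK_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""
HARDENED_CORE_SITE = WEAK_CORE_SITE.replace("simple", "kerberos")


def audit_all(redis_conf, daemon_json, core_site):
    return audit_redis(redis_conf) + audit_docker(daemon_json) + audit_hadoop(core_site)


if __name__ == "__main__":
    print("weak:", *audit_all(WEAK_REDIS, WEAK_DAEMON_JSON, WEAK_CORE_SITE), sep="\n  ")
    print("hardened:", audit_all(HARDENED_REDIS, HARDENED_DAEMON_JSON, HARDENED_CORE_SITE))
```

The weak trio yields five findings and the hardened trio none. Note that an empty redis.conf is still flagged twice, because Redis without a bind directive listens on every interface and has no password; only protected-mode (default on) stands between it and the internet. The config check is a backstop: none of these services should be reachable from outside the cluster network in the first place, and the Confluence vulnerability the campaign also uses is fixed by patching, not by configuration.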

"CISA Forced to Take Two Systems Offline Last Month After Ivanti Compromise"

In February, two systems belonging to the Cybersecurity and Infrastructure Security Agency (CISA) were compromised through vulnerabilities in Ivanti products. Ivanti provides software for managing IT security and system access. The compromise shows that no organization, not even the agency responsible for defending federal networks, is immune when a vendor product it depends on is vulnerable. Sources reveal that the two systems hit were the Infrastructure Protection (IP) Gateway, which holds data about U.S. infrastructure, and the Chemical Security Assessment Tool, which holds chemical companies' security plans. CISA has taken those systems and tools offline.

Submitted by Gregory Rigby on

Dallas Cybersecurity Summit

"The 10th Edition of the Dallas Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception."


Baltimore Cybersecurity Summit

"The Inaugural Baltimore Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception."

Sunshine Cyber Conference

"It’s back! Cyber Florida is pleased to announce the return of our popular annual conference, now called the Sunshine Cyber Conference! Save the date for 27-28 March 2024 at the newly renovated Tampa Convention Center! Designed to be educational and affordable, Sunshine Cyber Conference offers valuable content for cybersecurity/IT practitioners, CISOs and CIOs, non-technical managers and c-suite leaders, and educators, researchers, and students."