#advancedmalware
osintelligence · 2 years ago
https://bit.ly/3MC9n77 - 🔒 Cybersecurity researchers have identified a series of cyberattacks by the Iranian-backed Advanced Persistent Threat (APT) group “Agonizing Serpens,” targeting the Israeli education and tech sectors. The group aims to steal sensitive data for various purposes, including financial gain, identity theft, espionage, and causing disruption. These attacks involve rendering endpoints unusable and sometimes publishing stolen information on social media platforms. #Cybersecurity #APTGroups #DataTheft

🕵️‍♂️ Agonizing Serpens, active since 2020, employs sophisticated methods such as wipers and fake ransomware. Known by other names like Agrius, BlackShadow, and Pink Sandstorm, the group initially gains access through web server exploitation and deploys web shells for reconnaissance and network mapping. Tools like Nbtscan, WinEggDrop, and NimScan are commonly used for this purpose. #DigitalEspionage #HackerTactics #NetworkSecurity

🔐 The group's attack strategies include trying to gain admin credentials using methods like Mimikatz, SMB password spraying, and dumping the SAM file. They also use tools like Plink, WinSCP, and a custom sqlextractor for lateral movement and data exfiltration, targeting personal information like ID numbers and passport scans. Despite their efforts, many of their methods were blocked by Cortex XDR, showcasing the evolving battle between cybersecurity defenses and hacker tactics. #CyberDefense #DataExfiltration #InfoSec

🖥️ Agonizing Serpens has shown increased sophistication by employing new techniques to bypass Endpoint Detection and Response (EDR) systems. They developed custom tools like agmt.exe, a loader for the GMER driver, to terminate specific target processes. After failing to exploit the GMER driver, they turned to drvIX, leveraging a vulnerable driver from a public Proof of Concept (PoC) tool. #MalwareDevelopment #EDRBypass #CyberAttackTrends

💥 Unit 42 researchers discovered new wipers and tools used by Agonizing Serpens, including MultiLayer wiper, PartialWasher wiper, and BFG Agonizer wiper, as well as Sqlextractor, a custom tool for extracting information from database servers. These discoveries indicate the group's continual development of new tools to enhance their data theft and disruption capabilities.
nforcesecure-blog · 6 years ago
Because modern threats do not even give us time to catch our breath, with many new variants being developed, including #AdvancedMalware, #Zeroday, #Ransomware and many other threats, all with statistics that keep climbing and that are hard to deal with, and because a #Hacker will often target endpoint devices, what should we consider in a modern #Endpoint to help deal with these threats? Today the admin has some recommendations to share. #trendmicro #trendmicrothailand #trendmicroditributor #เทรนด์ไมโคร #endpointprotection #xgen #apexone #Cybersecurity #cyberawareness #ITSecurity #nForceSecure #ITThailand #ITDistributor #ThaiITDistributor #eKYC #KYC #SSL #IoT #เราคือร้อยเปอร์เซ็นต์ไอทีดิสตริบิวเตอร์สัญชาติไทย #symantec #paloaltonetworks Learn more about our solutions at www.nforcesecure.com or consult us at 02-2740984 and Line@ nForceSecure IT Security. Every question has an answer, and we are ready to answer without holding back .... because we are nForce Secure ... Thai IT Distributor https://www.instagram.com/p/BwYQvkShPg_/?utm_source=ig_tumblr_share&igshid=1dkuytq50rv3c