Recherche : [TA569] - Cyberveille

TA569: SocGholish and Beyond https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

27/02/2023 21:01:50

TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish.
In addition to serving as an initial access broker, these additional injects imply TA569 may be running a pay-per-install (PPI) service
TA569 may remove injections from compromised websites only to later re-add them to the same websites.
There are multiple opportunities for defense against TA569: educating users about the activity, using Proofpoint’s Emerging Threats ruleset to block the payload domains, and blocking .js files from executing in anything but a text editor.

Crime group hijacks hundreds of US news websites to push malware https://techcrunch.com/2022/11/03/hundreds-news-websites-malware/

06/11/2022 20:09:27

A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S. according to cybersecurity company Proofpoint.

Liens par page

Filtres