Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Muddled Libra Hacks Admin with Pentest Tools

March 13, 2024
Reading Time: 3 mins read
in Alerts
Muddled Libra Hacks Admin with Pentest Tools

Threat actors, particularly the Muddled Libra hacking group, leverage pentesting tools to identify and exploit vulnerabilities within target systems or networks. These tools offer a simulated environment for testing potential attack vectors, allowing attackers to refine their strategies and maximize the impact of their intrusions. Cybersecurity researchers from Unit 42 at Palo Alto Networks have uncovered that Muddled Libra hackers actively employ pentesting tools to gain administrative access, facilitating their malicious activities.

Emerging in late 2022, the Muddled Libra group introduced the 0ktapus phishing kit, which provided attackers with prebuilt hosting, simplified command-and-control connectivity, and bundled attack templates. This kit enabled even low-skilled attackers to emulate mobile authentication pages affordably, resulting in the theft of credentials and multi-factor authentication codes from over 100 organizations. Despite being previously identified under different names like 0ktapus, Scattered Spider, and Scatter Swine, Muddled Libra clarified their distinct identity, employing common toolkits and collaborative social forums to coordinate their operations with an Agile-like team structure.

Unit 42’s analysis links several sophisticated supply chain attacks targeting cryptocurrency networks to the Muddled Libra group, indicating their adaptability and expanding scope of operations. Employing tactics rooted in deep reconnaissance, Muddled Libra demonstrates a comprehensive understanding of their targets, often obtained from prior data breaches and information brokers. The group utilizes malware such as Raccoon Stealer and RedLine Stealer to harvest sensitive data from personal devices, leveraging vulnerabilities in bring-your-own-device (BYOD) policies and hybrid work setups to perpetrate data theft.

Muddled Libra’s operational methodology revolves around the rapid establishment of access through short-lived domains and the exploitation of remote monitoring and management (RMM) tools. While their initial focus lies in data and credential theft, recent trends suggest a shift towards an ‘encrypt and extort’ model, particularly targeting larger organizations within the same industry. Consistently employing legitimate tools like SharpHound and ADRecon, coupled with the utilization of PsExec and Impacket for execution, Muddled Libra displays a sophisticated understanding of attack vectors, emphasizing the importance of robust cybersecurity measures in mitigating such threats.

Reference:
  • Threat Group Assessment: Muddled Libra (Updated)

Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatCybersecurityMuddled LibraPentestingThreat Actors
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial