The Cybersecurity Defenders Podcast

#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim

38 min · 15 November 2024

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

  • MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and tries to identify whether MFA is enabled.
  • CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK Techniques.
  • This tool helps security researchers identify vulnerabilities within macOS’s sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.
  • Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.
  • In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.
  • After a multi-month absence, the malware loader FakeBat—also known as Eugenloader or PaykLoader—has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.
  • Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.


The Cybersecurity Defenders Podcast with LimaCharlie is available on several platforms. The information on this page comes from public podcast feeds.