Ransomware/Malware Activity
Malicious AI Models Discovered on Hugging Face Platform
Researchers have discovered at least one hundred (100) instances of malicious Artificial Intelligence (AI) models being hosted on Hugging Face’s platform. Hugging Face is a code repository platform and online community where users can share machine learning models and training datasets. Hugging Face is also known for its “safetensors” format which was devised by the company to safely store tensors used for models in place of the commonly weaponized “pickle” serialization method. The researchers that uncovered the malicious code examined both PyTorch and TensorFlow Keras models. Out of the one hundred (100) potentially malicious models, around 50% contained payloads that could allow object hijacking, and 20% contained payloads with the capability to establish a reverse shell to a specified host. Researchers also observed models that contained code calling a Python pickle module to execute arbitrary code upon loading a PyTorch model file. Based on the findings, it is possible that the malicious code embedded in these models are part of security or AI research as opposed to being planted by threat actors. However, it is important that individuals and organizations understand the significant security risk that AI models can pose when not properly vetted. CTIX analysts will continue to report on new strains, trends, and methods for malware delivery.
Threat Actor Activity
Iranian-Linked Threat Actor Targeting Defense-Related Entities in the Middle East
An ongoing cyber-espionage campaign has been attributed with medium confidence to the Iranian-linked threat actor known as UNC1549, using a new set of attacks and unique malware strains against aerospace, aviation, and defense industries in the Middle East, including Israel and the United Arab Emirates (UAE). UNC1549 also overlaps with another threat actor known as Tortoiseshell, Imperial Kitten, or Crimson Sandstorm, which has purported affiliations to Iran's Islamic Revolutionary Guard Corp (IRGC), being important given the group's focus on defense-related entities in light of rising tensions in Iran and their support of Hamas militants in Gaza. This campaign, however, started as early as June 2022 and is still ongoing. Researchers have noted the use of spear-phishing emails with phony job offers or links to fake websites bolstering Israel-Hamas related content to deliver malicious payloads, as well as using typosquatted login pages of major companies to harvest credentials. Attacks have often used Microsoft Azure cloud infrastructure for commands-and-control (C2), and the payloads discussed earlier deliver two (2) backdoors dubbed MINIBIKE and MINIBUS. MINIBIKE has been observed between June 2020 through October 2023 and uses Azure cloud infrastructure with capabilities of file exfiltration and uploads, along with command execution. MINIBUS, on the other hand, has greater reconnaissance features with a "more flexible code execution interface," observed first in August 2023 and was last seen as recently as January 2024. In tangent, they create the perfect cyber-espionage weapon, being enabled only further by a custom "tunneler" called LIGHTRAIL that helps wrap internet traffic and hide malicious activity. All in all, this campaign uses tactics, techniques, and procedures (TTPs) that make activity difficult to prevent, detect and mitigate.
Vulnerabilities
Critical Zero-Day Vulnerability Exploited by Lazarus Hackers
The North Korean threat actor known as Lazarus has exploited a critical vulnerability in the Windows AppLocker driver named “appid.sys”. The attack granted the attackers kernel-level access and the ability to disable security tools, employing a zero-day exploit to bypass traditional Bring Your Own Vulnerable Driver (BYOVD) methods. This flaw, tracked as CVE-2024-21338, was discovered by Avast analysts and subsequently patched by Microsoft during the February 2024 Patch Tuesday, though not officially classified as a zero-day exploit. Lazarus exploited this vulnerability to enhance the capabilities of their FudModule rootkit, which now includes advanced evasion and disabling functionalities for security software like Microsoft Defender and CrowdStrike Falcon. Avast's investigation also uncovered a new, undocumented remote access trojan (RAT) used in these attacks, with further details expected to be shared at BlackHat Asia in April. The exploit involves manipulating the IOCTL (an abbreviation for input/output control) dispatcher in the “appid.sys” driver, allowing for arbitrary code execution and enabling stealthier, more persistent attacks by the Lazarus Group. Along with the patches, Microsoft has provided YARA rules for detecting the latest FudModule rootkit activity. CTIX analysts urge administrators to apply Microsoft's recent patches immediately to prevent future exploitation.
The semi-weekly Ankura Cyber Threat Investigations and Expert Services (CTIX) FLASH Update is designed to provide timely and relevant cyber intelligence pertaining to current or emerging cyber events. The preceding is a collection of cyber threat intelligence leads assembled over the past few days and typically includes high-level intelligence pertaining to recent threat group/actor activity and newly identified vulnerabilities impacting a wide range of industries and victims. Please feel free to reach out to the Flash Team (flash@ankura.com) if additional context is needed.
© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
