Muddled Libra

Threat Actor updated 8 months ago (2024-11-29T13:43:11.484Z)
Download STIX
Preview STIX
Muddled Libra, a threat actor subgroup known for its sophisticated cyber-attack techniques, has recently been noted for its advanced exfiltration and discovery methods using AWS and Azure cloud services. The group has not claimed responsibility for any specific attacks, but their tactics align closely with those used by the cybercrime group codenamed Scattered Spider, also known as UNC3944, 0ktapus, Octo Tempest, Scatter Swine, and Muddled Libra. This implies that they may have been involved in recent high-profile cyber-attacks such as the MoneyGram attack. Their constantly evolving attack strategies make them a significant threat to cybersecurity, yet understanding their end goals can help defenders build better protections. In terms of specific techniques, Muddled Libra exploits legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS environments, they target two legitimate services, AWS DataSync and AWS Transfer, to move data from an on-premises environment to the cloud and then to an external entity. For Azure environments, Muddled Libra uses traditional VM functionality known as snapshots to take images of hosts containing sensitive information. They then create new VMs within the compromised environment, save operational data from the snapshots to these new hosts for staging, and subsequently exfiltrate the data. The Muddled Libra threat actor group is known for its complex attack chain, particularly in the cloud. By leveraging legitimate CSP services and creating new VMs within compromised environments, they can efficiently stage and exfiltrate data. Despite their ever-changing tactics, understanding their ultimate objectives can guide the implementation and improvement of technology protections to safeguard environments against such threats. However, their alignment with the tactics of other known cybercrime groups suggests that they are part of a larger network of malicious actors, making them a persistent and significant threat to cybersecurity.
Description last updated: 2024-10-08T18:16:34.988Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Scattered Spider is a possible alias for Muddled Libra. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th
6
UNC3944 is a possible alias for Muddled Libra. UNC3944, also known as Scattered Spider or 0ktapus, is a notable threat actor in the cybersecurity landscape. This group primarily targets telecommunication firms and tech companies, but has expanded its operations to hospitality, retail, media, and financial services sectors. The group's modus oper
3
Octo Tempest is a possible alias for Muddled Libra. Octo Tempest, also known as Scattered Spider or 0ktapus, is a notable threat actor group in the cybercrime landscape. The group, comprised of five individuals in their early 20s, has been linked to major data extortion campaigns against high-profile targets such as Caesars Entertainment and MGM, oft
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cybercrime
Phishing
Ransomware
Rmm
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Alphv Threat Actor is associated with Muddled Libra. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient pUnspecified
2
Source Document References
Information about the Muddled Libra Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
7 days ago
Securityaffairs
8 days ago
Securityaffairs
a month ago
Securityaffairs
a month ago
InfoSecurity-magazine
3 months ago
Unit42
3 months ago
BankInfoSecurity
10 months ago
Unit42
a year ago
CERT-EU
2 years ago
BankInfoSecurity
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CISA
2 years ago
CERT-EU
2 years ago
BankInfoSecurity
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago