Twelve is malicious software (malware) identified by ESET researchers that has been used in espionage activities targeting Android applications. This malware has been discovered in twelve Android apps, six of which were available on Google Play and the other six of which were found on VirusTotal. The malware shares similarities with MegaCortex ransomware, as both are designed to terminate twelve hard-coded processes, indicating a possible connection or shared origin between them.
The BlackJack group, a known cyber threat actor, has been linked to Twelve through an investigation into their tools, malware, and procedures. Evidence suggests that Twelve was also utilized by Crypt Ghouls, another cyber threat group, as indicated by the discovery of Intellpui.vbs, a loader for CobInt, on one of the systems they attacked. It's worth noting that the Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned twelve Kaspersky Lab executives for their role in the Russian company, suggesting potential ties between these executives and the malware operations.
The malware has shown significant activity against the cities housing the Reserve Banks, including Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco. These attacks have been publicly announced by the threat group on its leak site. Despite a decreasing trend in SSL 2.0 support over the past year, there is still a notable presence of this outdated security protocol, potentially leaving web servers vulnerable to Twelve. The implementation of countermeasures against Twelve will be undertaken by twelve different regulators.
Description last updated: 2024-11-28T11:44:23.665Z