{"id":10604,"date":"2024-12-23T11:55:48","date_gmt":"2024-12-23T11:55:48","guid":{"rendered":"\/cybersecurity-blog\/?p=10604"},"modified":"2024-12-23T11:55:49","modified_gmt":"2024-12-23T11:55:49","slug":"cyber-attacks-december-2024","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/","title":{"rendered":"5 Major Cyber Attacks in December 2024"},"content":{"rendered":"\n<p>The cybersecurity research team of <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktolanding\">ANY.RUN<\/a> found and analyzed a bunch of emerging threats with the help of our mighty <a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> and <a href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktotilookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>.<\/p>\n\n\n\n<p>We\u2019ve been sharing their findings <a href=\"https:\/\/x.com\/anyrun_app\" target=\"_blank\" rel=\"noreferrer noopener\">via X<\/a> and in <a href=\"https:\/\/any.run\/cybersecurity-blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">our blog<\/a>. 
Here is a summary of the most interesting insights from December 2024.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Phishing Campaigns targeting Microsoft\u2019s Azure Blob Storage<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1863568916573827099\"><em>Original post on X<\/em><\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"680\" height=\"680\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2.png\" alt=\"\" class=\"wp-image-10611\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2.png 680w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2-300x300.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2-150x150.png 150w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2-70x70.png 70w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2-370x370.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image9-2-270x270.png 270w\" sizes=\"(max-width: 680px) 100vw, 680px\" \/><figcaption class=\"wp-element-caption\"> <em>Phishing page: HTML document with a characteristic attribute<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Cybercriminals are abusing Microsoft&#8217;s cloud-based file storage solution by hosting phishing pages on the service, employing techniques like HTML smuggling.<\/p>\n\n\n\n<p>The phishing pages are HTML documents that contain a block input element with the ID attribute &#8220;doom&#8221;. The pages include information about users\u2019 software obtained via JScript (OS and browser), to make them more convincing.<br><br>Phishing pages on Azure Blob Storage typically have a short lifespan. Attackers may host pages with redirects to phishing sites. 
With minimal suspicious content, these pages can evade detection slightly longer.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/60157f76-92ec-463e-a1d0-c17930af3da6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">See the analysis session<\/a> in the ANY.RUN sandbox.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"512\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-1024x512.png\" alt=\"\" class=\"wp-image-10607\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-1024x512.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-300x150.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-768x384.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-1536x768.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-370x185.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-270x135.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1-740x370.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image6-1.png 1856w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>User&#8217;s credentials get stolen from fake sign-in form<\/em><\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>Threat actors leverage the *.blob.core.windows[.]net subdomain to store documents.<\/li>\n\n\n\n<li>Company logos are extracted using email address parsing and loaded from the logo[.]clearbit[.]com service.<\/li>\n\n\n\n<li>To collect and store stolen data, an HTTP POST request is sent to nocodeform[.]io for collecting form 
submissions.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"634\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-1024x634.png\" alt=\"\" class=\"wp-image-10608\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-1024x634.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-300x186.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-768x476.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-370x229.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-270x167.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2-740x458.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image7-2.png 1145w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI-generated summary of the attack in the sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Use the following <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> query to find threats targeting the set of requested domains: <\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-215\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"1\"\n           data-rows=\"1\"\n           data-wpID=\"215\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell 
wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:100%;                    padding:10px;\n                    \"\n                    >\n                                        <a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktotilookup#%257B%2522query%2522:%2522domainName:%255C%2522.blob.core.windows.net%255C%2522%25C2%25A0and%25C2%25A0%25C2%25A0domainName:%255C%2522aadcdn.msauth.net%255C%2522%2520and%2520domainName:%255C%2522cdnjs.cloudflare.com%255C%2522%2520and%2520domainName:%255C%2522www.w3schools.com%255C%2522%2522,%2522dateRange%2522:180%257D\"  rel=\"\" target=\"_blank\" data-cell-id=\"00\" data-link-url=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktotilookup#%257B%2522query%2522:%2522domainName:%255C%2522.blob.core.windows.net%255C%2522%25C2%25A0and%25C2%25A0%25C2%25A0domainName:%255C%2522aadcdn.msauth.net%255C%2522%2520and%2520domainName:%255C%2522cdnjs.cloudflare.com%255C%2522%2520and%2520domainName:%255C%2522www.w3schools.com%255C%2522%2522,%2522dateRange%2522:180%257D\" data-link-text=\"domainName:&quot;.blob.core.windows.net&quot; and  domainName:&quot;aadcdn.msauth.net&quot; and domainName:&quot;cdnjs.cloudflare.com&quot; and domainName:&quot;www.w3schools.com&quot;\" data-link-target=\"true\" data-link-nofollow=\"0\" data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">domainName:&quot;.blob.core.windows.net&quot; and  
domainName:&quot;aadcdn.msauth.net&quot; and domainName:&quot;cdnjs.cloudflare.com&quot; and domainName:&quot;www.w3schools.com&quot;<\/a>                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-215'>\ntable#wpdtSimpleTable-215{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-215 td, table.wpdtSimpleTable215 th { white-space: normal !important; }\n<\/style>\n\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"690\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-1024x690.png\" alt=\"\" class=\"wp-image-10609\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-1024x690.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-300x202.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-768x518.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-370x249.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-270x182.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1-740x499.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image8-1.png 1326w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>See the Tasks tab in the search results for sandbox sessions with malicious URLs<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>And <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup#%257B%2522query%2522:%2522commandLine:%255C%2522https:\/*.blob.core.windows.net\/*.html%255C%2522%2522,%2522dateRange%2522:180%257D\">this search request<\/a> to find links to HTML pages hosted on Azure Blob Storage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Microsoft\u2019s OneDrive also fell victim to HTML Blob Smuggling Campaign<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1869379428477735197\">The original post on X<\/a><\/p>\n\n\n\n<p>As in the attack above, threat actors make victims believe they are logging into a legitimate platform.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-1024x1024.png\" alt=\"\" class=\"wp-image-10613\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-1024x1024.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-300x300.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-150x150.png 150w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-768x768.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-1536x1536.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-70x70.png 70w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-370x370.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-270x270.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2-740x740.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagea-2.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Phishing page disguised as OneDrive login form<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Using ANYRUN\u2019s <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITM feature<\/a>, we extracted base.js from the traffic and decoded it. The attack begins with a bait placed on OneDrive. After clicking the link, the user is redirected to the main page containing the HTML Blob Smuggling code. 
After entering their credentials, victims are redirected to a legitimate website.<br><br>Stolen credentials are sent via an HTTP POST request to the C2 server.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-1024x1024.png\" alt=\"\" class=\"wp-image-10616\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-1024x1024.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-300x300.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-150x150.png 150w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-768x768.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-1536x1536.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-70x70.png 70w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-370x370.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-270x270.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3-740x740.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imageb-3.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Attack details: image sources, stolen data route<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>The website\u2019s design, background, and icons are stored on IPFS, while lure images, mimicking real services, are hosted on imgur .com.<\/p>\n\n\n\n<p>View the attack unfold in the wild: <a 
href=\"https:\/\/app.any.run\/tasks\/72d89e45-ae4f-4808-9125-3b7d84a0482c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">one<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/ad0a4b1a-a106-48cc-94bf-420675321a53\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">other<\/a>, or yet <a href=\"https:\/\/app.any.run\/tasks\/a47ee9d9-d4ae-47d2-a4a8-24115f48f423\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">another<\/a> sandbox session.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Phishing links in Microsoft Dynamics 365 web forms<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1866848960477884597\"><em>Original post on X<\/em><\/a><\/p>\n\n\n\n<p>And again, a Microsoft service utilized for malicious activity. Phishers create forms with embedded links on *.microsoft.com subdomains. The links that users receive look legitimate, so people feel safe opening them.<\/p>\n\n\n\n<p>With <a href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktotilookup\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, we uncovered a link that tricked users into attempting to access a non-existent PDF file hosted on a Microsoft website.<\/p>\n\n\n\n<p>Phishing URL: hxxps:\/\/customervoice.microsoft[.]com\/Pages\/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUNVIzNlI5MEhCNlBPRFMwMklUV0JZVTkxVS4u<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-768x1024.png\" alt=\"\" class=\"wp-image-10620\" style=\"width:457px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-768x1024.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-225x300.png 225w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-1152x1536.png 1152w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-370x493.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-270x360.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1-740x987.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagec-1.png 1200w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><figcaption class=\"wp-element-caption\"><em>Malicious page looks like a document hosted within Microsoft service<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Use <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice#%257B%2522query%2522:%2522URL:%255C%2522customervoice.microsoft.com%255C%2522%2522,%2522dateRange%2522:180%257D\">this simple query for TI Lookup<\/a> to find attacks employing this technique and view them unveiled in our sandbox.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"562\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-1024x562.png\" alt=\"\" class=\"wp-image-10622\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-1024x562.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-768x421.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-1536x843.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-370x203.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-270x148.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1-740x406.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imaged-1.png 1653w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>URLs engaged in the attack, 
found by TI Lookup<\/em><\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Anatomy of a fresh LogoKit<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1864624052670763400\"><u><em>Original post on X<\/em><\/u><\/a><\/p>\n\n\n\n<p>LogoKit is a comprehensive set of phishing tools known for using services that offer logos and screenshots of target websites. Our team has researched the algorithm of such an attack.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-1024x576.png\" alt=\"\" class=\"wp-image-10628\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-2048x1152.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/imagee-2-740x416.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Icons, pictures, backgrounds, forms: LogoKit-powered fake page<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Let&#8217;s look at the <a href=\"https:\/\/app.any.run\/tasks\/1362e3bd-72a9-44a3-9128-5919fb6a6fd9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">example run in our 
sandbox<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The company&#8217;s logo is fetched from a legitimate logo storage service: hxxps:\/\/logo.clearbit[.]com\/&lt;Domain&gt;.<br><br><\/li>\n\n\n\n<li>The background is retrieved via a request to a website screenshot service, using the following template: hxxps:\/\/thum[.]io\/get\/width\/&lt;DPI&gt;\/https:\/\/&lt;Domain&gt;.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The domain chain is led by a decoder-redirector: hxxps:\/\/ asiangrocers [.]store\/fri\/?haooauvpco=bWlubmllQGRpc25leS5jb20. It is a fake Asian food store website built on a WordPress template, with a domain age of around four years. The template contains email addresses filled with typos.<\/li>\n<\/ul>\n\n\n\n<p>The decoder-redirector shields the page from analysis and redirects the victim to the actual phishing page.<\/p>\n\n\n\n<p>In our example, the real content of the phishing page and the associated scripts are hosted on the Cloudflare Pages platform. 
They are stored in the assets\/ folder, which contains styles, images, and scripts.<\/p>\n\n\n\n<p>Three scripts with random 10-character names are designed to protect the page from analysis and send stolen data to the threat actors:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>assets\/js\/e0nt7h8uiw[.]js<\/li>\n\n\n\n<li>assets\/js\/vddq2ozyod[.]js<\/li>\n\n\n\n<li>assets\/js\/j3046eqymn[.]js<\/li>\n<\/ul>\n\n\n\n<p>The stolen authentication data is sent to a remote Command and Control server controlled by the attackers via an HTTP POST request containing the following parameters: fox=&amp;con=<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Manufacturers, beware: an attack combining Lumma and Amadey is targeting you<\/h2>\n\n\n\n<p>Cybercriminals\u2019 tactics against the manufacturing industry have recently been evolving from data encryption to seizing control over critical infrastructure and stealing sensitive information.<\/p>\n\n\n\n<p>The consequences of such attacks can be severe, leading to theft of intellectual property, disruption of operations, financial losses, and compliance violations. 
Businesses need to take the threat most seriously, understand it and get prepared.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"732\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image.png\" alt=\"\" class=\"wp-image-10282\" style=\"width:650px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image.png 756w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image-300x290.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image-370x358.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image-270x261.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/4image-740x717.png 740w\" sizes=\"(max-width: 756px) 100vw, 756px\" \/><figcaption class=\"wp-element-caption\"><em>Attack used Emmenhtal loader to facilitate infection<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>This December, we have <a href=\"https:\/\/any.run\/cybersecurity-blog\/manufacturing-companies-targeted-with-lumma\/\" target=\"_blank\" rel=\"noreferrer noopener\">analyzed a new attack<\/a> aimed at industrial market players. The mechanics are based on <a href=\"https:\/\/any.run\/malware-trends\/lumma\" target=\"_blank\" rel=\"noreferrer noopener\">Lumma Stealer<\/a> and <a href=\"https:\/\/any.run\/malware-trends\/amadey\" target=\"_blank\" rel=\"noreferrer noopener\">Amadey<\/a> Bot. The former hunts for valuable information, the latter takes control over the infected systems. 
<a href=\"https:\/\/app.any.run\/tasks\/11a68474-4e9a-4070-9b23-b8d244c9fc02\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">View analysis<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It all starts with phishing emails with URLs leading users to download LNK files disguised as PDFs;<\/li>\n\n\n\n<li>The malicious LNK file, once activated, initiates PowerShell via an ssh.exe command. Following a chain of scripts, a CPL file is downloaded;<\/li>\n\n\n\n<li>PowerShell and Windows Management Instrumentation (WMI) commands are utilized to collect detailed information about the victim\u2019s system.<\/li>\n<\/ul>\n\n\n\n<p>For the details, <a href=\"https:\/\/any.run\/cybersecurity-blog\/manufacturing-companies-targeted-with-lumma\/\">read<\/a> our blog post, <a href=\"https:\/\/app.any.run\/tasks\/11a68474-4e9a-4070-9b23-b8d244c9fc02\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice\">view<\/a> analysis session in our sandbox and dive deeper with TI Lookup. Use <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktoservice#%257B%2522query%2522:%2522filePath:%255C%2522dbghelp.dll%255C%2522%2520AND%2520threatName:%255C%2522lumma%255C%2522%2522,%2522dateRange%2522:180%257D\">the search query<\/a> with the name of the threat and the path to one of the malicious files used in the attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. 
Our <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds<\/li>\n\n\n\n<li>Interact with samples in real time<\/li>\n\n\n\n<li>Save time and money on sandbox setup and maintenance<\/li>\n\n\n\n<li>Record and study all aspects of malware behavior<\/li>\n\n\n\n<li>Collaborate with your team<\/li>\n\n\n\n<li>Scale as you 
need<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_december_24&amp;utm_term=231224&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Get 14-day free trial of ANY.RUN&#8217;s Interactive Sandbox \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity research team of ANY.RUN found and analyzed a bunch of emerging threats with the help of our mighty Interactive Sandbox and Threat Intelligence Lookup. We\u2019ve been sharing their findings via X and in our blog. Here is a summary on the most interesting insights from December 2024. Phishing Campaigns targeting Microsoft\u2019s Azure Blob [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":10641,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[57,10,34,40],"class_list":["post-10604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>5 Major Cyber Attacks in December 2024 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Discover the latest cyber attacks in December 2024 and see technical analysis of the new tactics used by threat actors.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"5 Major Cyber Attacks in December 2024\",\"datePublished\":\"2024-12-23T11:55:48+00:00\",\"dateModified\":\"2024-12-23T11:55:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\"},\"wordCount\":1182,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Malware Analysis\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\",\"name\":\"5 Major Cyber Attacks in December 2024 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-12-23T11:55:48+00:00\",\"dateModified\":\"2024-12-23T11:55:49+00:00\",\"description\":\"Discover the latest cyber attacks in December 2024 and see technical analysis of the new tactics used by threat 
actors.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"5 Major Cyber Attacks in December 2024\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5 Major Cyber Attacks in December 2024 - ANY.RUN&#039;s Cybersecurity Blog","description":"Discover the latest cyber attacks in December 2024 and see technical analysis of the new tactics used by threat actors.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"5 Major Cyber Attacks in December 2024","datePublished":"2024-12-23T11:55:48+00:00","dateModified":"2024-12-23T11:55:49+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/"},"wordCount":1182,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior"],"articleSection":["Malware Analysis"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/","url":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/","name":"5 Major Cyber Attacks in December 2024 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-12-23T11:55:48+00:00","dateModified":"2024-12-23T11:55:49+00:00","description":"Discover the latest cyber attacks in December 2024 and see technical analysis of the new tactics used by threat actors.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Malware 
Analysis","item":"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/"},{"@type":"ListItem","position":3,"name":"5 Major Cyber Attacks in December 2024"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10604"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/typ
es\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=10604"}],"version-history":[{"count":41,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10604\/revisions"}],"predecessor-version":[{"id":10681,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10604\/revisions\/10681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/10641"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=10604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=10604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=10604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}