Financial Crime World

Cyber Threat Actor Group Targets Users and Organizations in Brazil

Introduction

A recent report has highlighted the activities of a cyber threat actor group called PINEAPPLE, which has been targeting users and organizations in Brazil. This group is known to abuse legitimate cloud services such as Google Cloud, Amazon AWS, and Microsoft Azure to distribute malware, including the Astaroth infostealer.

PINEAPPLE’s Tactics and Techniques

The report highlights several instances of PINEAPPLE’s activities, including:

Malicious Container URLs

  • Using compromised Google Cloud instances and projects to create malicious container URLs hosted on legitimate GCP domains.
  • Distributing those links via email; the URL serves an unencrypted archive such as a ZIP, an LNK shortcut file, or other file types.

Spoofing Government Services

  • Spoofing the Brazilian government’s electronic tax document system (Portal da Nota Fiscal Eletrônica) to trick users into downloading malware.
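A defender can turn the two patterns above (cloud-hosted URLs that serve archive or shortcut files, and tax-document lures that spoof the Nota Fiscal Eletrônica portal) into a simple mail-log triage rule. The following Python is an added example written for this page, not code from the report or from Financial Crime World; the cloud hosting suffixes, the extension list, the lure keywords and the sample log lines are all assumptions constructed for illustration.

```python
"""Triage e-mail links that match the delivery pattern described above:
a URL on a legitimate cloud-hosting domain, an archive or shortcut file,
and/or a tax-document lure in the subject. Flag a link when at least two
of the three signals are present. All lists and samples are assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: hosting suffixes anyone can obtain on public cloud services.
CLOUD_HOST_SUFFIXES = (
    "storage.googleapis.com",
    ".cloudfunctions.net",
    ".run.app",
    ".blob.core.windows.net",
    ".s3.amazonaws.com",
)
# ZIP and LNK are named on the page; the other extensions are an assumption.
SUSPECT_EXTENSIONS = (".zip", ".lnk", ".rar", ".7z", ".iso")
# Assumption: subject keywords typical of a spoofed NF-e lure.
LURE_KEYWORDS = re.compile(r"nota\s*fiscal|\bnf-?e\b", re.IGNORECASE)


@dataclass
class Finding:
    url: str
    reasons: List[str] = field(default_factory=list)


def host_is_cloud_hosted(host: str) -> bool:
    """True when the host is a shared cloud hosting domain (not an owned domain)."""
    host = host.lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in CLOUD_HOST_SUFFIXES)


def url_serves_suspect_file(url: str) -> bool:
    """True when the URL path ends in an archive or shortcut extension."""
    return urlparse(url).path.lower().endswith(SUSPECT_EXTENSIONS)


def assess_link(url: str, subject: str = "") -> Optional[Finding]:
    """Return a Finding when two or more delivery signals coincide, else None."""
    reasons = []
    if host_is_cloud_hosted(urlparse(url).hostname or ""):
        reasons.append("cloud-hosted")
    if url_serves_suspect_file(url):
        reasons.append("archive-or-shortcut")
    if LURE_KEYWORDS.search(subject):
        reasons.append("tax-document-lure")
    return Finding(url, reasons) if len(reasons) >= 2 else None


# Constructed sample mail log: sender|subject|link (not real data).
SAMPLE_MAIL_LOG = """\
billing@example.com|Sua Nota Fiscal Eletrônica|https://storage.googleapis.com/example-bucket-1/NFe_20240101.zip
hr@example.com|Team offsite photos|https://storage.googleapis.com/example-bucket-2/photos.zip
news@example.com|Weekly newsletter|https://www.example.com/newsletter.html
fin@example.com|NF-e pendente|https://example-fn-abc.cloudfunctions.net/download
"""


def scan_mail_log(log_text: str) -> List[Finding]:
    """Apply assess_link to every 'sender|subject|url' line and collect findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _sender, subject, url = line.split("|", 2)
        finding = assess_link(url, subject)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_mail_log(SAMPLE_MAIL_LOG):
        print(f.url, "->", ", ".join(f.reasons))
```

Requiring two coinciding signals keeps the rule from firing on every legitimate ZIP shared from a cloud bucket; in production the host list would be fed from the organisation's own allow-list of buckets and projects.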

Adaptation and Evolution

PINEAPPLE has experimented with other cloud services, including Microsoft and Tencent, and continues to adapt its tactics, techniques, and procedures (TTPs) in response to new detections.

Credential Phishing

In addition to PINEAPPLE’s activities, the report notes that credential phishing is a common threat affecting users and organizations in Brazil. It highlights an instance of phishing activity hosted on GCP serverless projects that were being used to harvest credentials for one of Latin America’s largest online payment platforms.

Key Takeaways

  • PINEAPPLE is a cyber threat actor group that targets users and organizations in Brazil.
  • The group abuses legitimate cloud services to distribute malware, including the Astaroth infostealer.
  • PINEAPPLE has experimented with various tactics, techniques, and procedures (TTPs) to evade detection.
  • Credential phishing is a common threat affecting users and organizations in Brazil.
  • Defenders in Brazil should adopt a proactive approach to cybersecurity to stay ahead of these threats.

Conclusion

Overall, this report provides valuable insights into the activities of PINEAPPLE and other cyber threat actor groups targeting Brazil. It highlights the need for defenders to be vigilant and proactive in their efforts to protect users and organizations from these threats.