ATTACKER – Leafminer Expanding Operations to Target United States ICS Entities

In July of 2018, the threat actor Leafminer was detailed by Symantec as having targeted a list of government organizations and business verticals in the Middle East since at least early 2017. The article also detailed several aspects of how the attacker attempted to breach targets. One method detailed was the attackers using “file://” URLs […]
Method: SIM Swapping Used to Target Cryptocurrency Entrepreneurs

Police in California arrested a 20-year-old from Boston at Los Angeles International Airport on his way to Europe. The individual, Joel Ortiz, was accused of targeting cryptocurrency entrepreneurs by compromising the two-factor authentication tied to their mobile phone numbers through a method called SIM swapping. The results of his activities are rumored […]
TARGET: Valve Game in Marketplace Distributed Cryptocurrency Miner

Valve pulled the game “Abstractism” from the Steam store after several sources on the internet stated the game was suspected of containing a cryptocurrency-mining bot. YouTube user SidAlpha and other bloggers on the internet flagged the game for very suspicious behavior, such as the game package being flagged by antivirus software, the authors stating that […]
METHOD: Scammers Use Breached Personal Data in Phishing Campaigns

Scammers often use a wide spectrum of social engineering methods when persuading potential victims to follow the desired course of action. Recent campaigns are using details gathered in mass breaches, such as passwords, email addresses, and other personal information gained from past data compromises. Examples of such scams include: 1) Personalized Porn Extortion Scam […]
VULNERABILITY: New Bluetooth Hack Affects Millions of Devices from Major Vendors

A Bluetooth vulnerability tracked as CVE-2018-5383 has been found affecting Bluetooth implementations; it could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The vulnerability affects firmware or operating system software drivers from major vendors like Apple, Broadcom, Intel and Qualcomm, while the implication […]
Attacker: Corporate iPhones Attacked in MDM Campaign

This month security organizations and researchers discovered an attack that utilizes Apple’s popular and open source Mobile Device Management (MDM) system for iPhones. The MDM suite allows enterprises to conveniently deploy and manage employees’ iPhones remotely. The attackers in this campaign appear to have used social engineering to persuade unsuspecting users to enroll in MDM […]
TARGET: SingHealth Patient Data Breach

Singapore authorities reported a cyber-attack affecting SingHealth, the largest group of healthcare institutions in Singapore. This is the largest known cyber-attack on Singapore-based organizations to have been reported by Singapore news media. The cyber-attack appears to have resulted in a data breach affecting around 1.5 million patients who visited SingHealth between […]
ATTACKER: Actors Behind Blackgear Campaign Update C2 Methods

Who or What is Blackgear? Blackgear, also known as Topgear and Comnie, is a cyberespionage campaign that has been active since at least 2008. It primarily targets organizations within Japan, South Korea, and Taiwan, focusing on sectors like public administration and high-technology industries. Blackgear is known for its sophisticated use of malware tools, such as […]
TARGET: Labcorp Ransomware Attack

LabCorp, one of the largest clinical laboratory networks in the US, reported to the SEC that many of its assets had been infected with ransomware. The 50-minute attack, which began at midnight on July 13th, was suspected to have been caused by the attackers entering the network via brute force against publicly exposed RDP and […]
Drone Security Breach: How a Simple Router Vulnerability Exposed Sensitive Military Data

July 11th – In June 2018, Recorded Future observed a hacker on the Dark Web selling the technical plans and training manual of the MQ-9 Reaper UAV (unmanned aerial vehicle) for $150 to $200. The MQ-9 Reaper was introduced in 2001 by General Atomics and is currently in use by the U.S. Air Force, the […]
Method: Latest updates on the RIG Exploit Kit

On May 31st, Trend Micro posted a technical analysis of updates to the RIG Exploit Kit. The updates include the delivery of cryptocurrency-mining malware as the final payload. Recently, the kit has been observed exploiting CVE-2018-8174, which affects the VBScript Engine accessed by Internet Explorer and Microsoft Office documents on systems running Windows 7 and […]
Method: FakeSpy – Android Trojan targeting Japanese and Korean Speaking Users

On June 19th, Trend Micro released a technical analysis of the FakeSpy malware targeting Korean and Japanese mobile users. FakeSpy has been observed sending mobile text messages containing a malicious link that leads to a malicious Android application package. For Korean users, this application masquerades as an app for local consumer financial service companies. For Japanese users, […]