ATTACKER: Actors Behind Blackgear Campaign Update C2 Methods
Who or What is Blackgear? Blackgear, also known as Topgear and Comnie, is a cyberespionage campaign that has been active since at least 2008. It primarily targets organizations within Japan, South Korea, and Taiwan, focusing on sectors like public administration and high-technology industries. Blackgear is known for its sophisticated use of malware tools, such as […]
TARGET: Labcorp Ransomware Attack
LabCorp, one of the largest clinical laboratory networks in the US, reported to the SEC that it had many of its assets infected with ransomware. The 50 minute attack that occurred on July 13th beginning at midnight was suspected to be caused by the attackers entering the network via brute force with public RDP and […]
Drone Security Breach: How a Simple Router Vulnerability Exposed Sensitive Military Data
July 11th – In June 2018, Recorded Future observed a hacker on the Dark Web selling the technical plans and training manual of the MQ-9 Reaper UAV (unmanned aerial vehicle) for $150 to $200. The MQ-9 Reaper was introduced in 2001 by General Atomics and is currently in use by the U.S. Air Force, the […]
Method: Latest updates on the RIG Exploit Kit
On May 31st, Trend Micro posted technical analysis on updates to the RIG Exploit Kit. Updates include the delivery of a cryptocurrency mining malware as its final payload. Recently, it has been observed to exploit CVE-2018-8174, which affects the VBScript Engine accessed by Internet Explorer and Microsoft Office documents on systems running Windows 7 and […]
Method: FakeSpy – Android Trojan targeting Japanese and Korean Speaking Users
On June 19th, TrendMicro released technical analysis on FakeSpy malware targeting Korean and Japanese mobile users. FakeSpy has been observed sending mobile text messages with a malicious link message that prompts a malicious Android application package. This application masquerades itself as an app for local consumer financial service companies to Korean users. For Japanese users, […]
METHOD – RANCOR Malware: Southeast Asia
A new malware campaign was observed this month, which appears to be politically driven and targets organizations operating in southeast Asia. The malware was dubbed “RANCOR” by Palo Alto researchers and falls under the Trojan malware classification. Additionally, the malware appears to make use of code from two malware families: DDKONG and PLAINTEE. The malware […]
TARGET: Dixons Carphone Breach exposes 1.2 million customers data
On June 13th, The popular U.K. based electronic and telecom retailer Dixons Carphone disclosed that it has recently discovered that it was breached in 2017 which may have compromised almost 6 million payment cards and 1.2 million personal data records. The company disclosed that there had been unauthorized access to sensitive data starting in July […]
Target: Exactis Data Leak – 340 Million Records Exposed
Published June 28, 2018, the database leak of Florida-based marketing and data aggregation firm Exactis has been disclosed to the public. Exactis focuses on the mass collection and trading of data in order to provide highly accurate and targeted advertisements to its audience. This is considered to be one of the biggest breaches of all […]
Method – MirageFox Malware
On June 18th, malware researcher, Jay Rosenberg released some interesting findings on a binary that was analyzed by the company Intezer. The code was retrieved through VirusTotal hunting. VirusTotal is a tool used by the global cybersecurity community that allows users to upload suspicious executables to an engine to check if antivirus vendors detect anything […]
Actor – APT 15 / Vixen Panda
A suspected state-sponsored Chinese threat actor that is known as APT 15 (FireEye) or Vixen Panda (Crowdstrike), and activity documented as Operation Ke3chang (FireEye and Palo Alto) has recently resurfaced again in conversations. The activity of this group was suspected to start as early as 2009. The first major public release of information on this […]
Target – FAPD Phishing HIPAA Breach
On June 1st, the Florida Agency for Persons with Disabilities (FAPD) disclosed that a phishing attack had compromised a single email account. The email account contained information that had PHI of over 1,951 customers and/or guardians. Although no evidence was gathered that indicated the information was accessed, FAPD could not completely rule out that it […]
Method: Hidden Cobra TYPEFRAME Malware Activity
On June 14th, US-CERT released a Malware Analysis Report (AR18-165A) that details a set of malware, code-named TYPEFRAME, with the earliest observed sample dating back to 2015. This malware appears to have been leveraged by North Korea’s threat actor HIDDEN COBRA (aka Lazarus). The Trojan has the capability to download and install malware, proxies and […]