Capital One Breach, Ransomware Trends, and Threat Actors

August 2, 2019 Digital Shadows

Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office.

In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and a utility provider.

Capital One reported a data breach after an individual accessed an Amazon Web Services (AWS) server used by the organization; cyber espionage operations associated with the China-linked “Winnti Group” reportedly targeted chemical and manufacturing organizations in Germany; and a campaign by Chinese state-affiliated threat actor “TA428”, dubbed Operation LagTime IT, has targeted government entities in East Asia since early 2019. All this and more fun in this week’s ShadowTalk.

*Apologies for some audio issues this week - we are working on a fix! The content is still just as great, though :)

Read this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Heading to Black Hat or DEF CON? Stop by our booth #1014 or catch our party Wednesday night. RSVP at https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk
