Capital One Breach, Ransomware Trends, and Threat Actors

August 2, 2019 Digital Shadows

Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office.

In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and a utility provider.

Capital One reported a data breach after an individual accessed an Amazon Web Services (AWS) server used by the organization; cyber espionage operations associated with China-linked “Winnti Group” reportedly targeted chemical and manufacturing organizations in Germany; and a campaign by Chinese state-affiliated threat actor “TA428”, dubbed Operation LagTime IT, has targeted government entities in East Asia since early 2019. All this and more fun in this week’s ShadowTalk.

*Apologies for some audio issues this week - we are working on a fix! The content is still just as great, though :)

Read this week’s intelligence summary at

Heading to Black Hat or DEF CON? Stop by our booth #1014 or catch our party Wednesday night. RSVP at
