Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments

October 4, 2019 Digital Shadows

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the top story of the week - Magecart Five Widens Attack Vectors.

Recent Magecart Five activity has included loading malicious JavaScript files onto commercial-grade Layer 7 routers, injecting malicious code into a free, open-source app module, distributing phishing emails containing the KPOT trojan via an unspecified spamming service, embedding compromised websites with redirect code that results in the download of the RIG or Fallout exploit toolkits onto a target machine, and creating a phishing website imitating “G-Cleaner”, a Windows garbage cleanup tool.

The team also discussed the other top stories of the week including:
- Suspected Chinese Threat Actor Targets Airbus Suppliers
- Tortoiseshell Lures American military-veteran job seekers
- Zendesk discloses 2016 data breach

 

Check out the full threat intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary
