Weekly: Lebanese Cedar, Nefilim Ghost Credentials, and More on SolarWinds and Emotet

February 5, 2021 Digital Shadows

ShadowTalk hosts Stefano, Adam, and Kim bring you the latest in threat intelligence. This week they cover:

  • More threat actors and attack vectors are being investigated in the SolarWinds compromise
  • Law enforcement officials in the Netherlands are delivering an Emotet update that will remove it from infected devices
  • Kim talks Lebanese Cedar - What’s new in their latest attack?
  • Adam reviews Nefilim ransomware - how they were able to gain access and why it reinforces the need to secure employee accounts
  • Plus, don’t miss the malware name of the week!

Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-february

***Resources from this week’s podcast***

SolarWinds Update: https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601

Lebanese Cedar: https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf

Nefilim Ghost Credentials: https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/

Zinc Attacks: https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/

Emotet Disruption: https://www.digitalshadows.com/blog-and-research/emotet-disruption/

DarkMarket Seizure: https://www.digitalshadows.com/blog-and-research/darkmarkets-seizure/

Also, don’t forget to reach out to us at shadowtalk@digitalshadows.com
