- In the spotlight this week: New malware known as ElectricFish has been attributed to the North Korean threat collective “Lazarus Group” by the United States Department of Homeland Security (DHS). The malware bypasses the authentication protocols used by proxy servers, creating a tunnel to exfiltrate information from a compromised system to an attacker-controlled server.
- Highlights from the week include: the exploitation of a vulnerability in the popular WhatsApp message app to deliver spyware, the dark-web sale of system and network information for three United States-based antivirus companies, and the distribution of “Plead” malware following a man-in-the-middle attack that hijacked a legitimate software update.
Most Recent Flipbooks
Weekly Intelligence Summary 07 August 2020
“Lazarus Group” has reportedly used their newly identified “MATA” malware framework and newly created “VHD” ransomware to target high-profile victims.
Weekly Intelligence Summary 31 July 2020
After exposing more than 300 million user records in May 2020, the “ShinyHunters” threat group has allegedly returned with a second stage of data leaks.
Weekly Intelligence Summary 24 July 2020
On 15 July 2020 threat actors compromised 130 Twitter accounts to promote a cryptocurrency scam, which reportedly garnered at least USD 121,000.
Weekly Intelligence Summary 17 July 2020
A cybercriminal-forum user claims to have accessed and exfiltrated 15 billion records pertaining to multiple companies by compromising Data Viper, a cyber-security firm that holds breached data.
Weekly Intelligence Summary 10 July 2020
Ransomware appeared on the horizon long before 2020, but has arguably taken the cyber-threat landscape by storm over the past six months.
Weekly Intelligence Summary 03 July 2020
A two-pronged approach in a new cyber-threat campaign revealed cooperation between the “InvisiMole” threat collective and pro-Russia group “Gamaredon”
Weekly Intelligence Summary 26 June 2020
A cyber-threat campaign was discovered exploiting an Adobe Campaign redirection flaw and abusing mail servers for heavily obfuscated phishing attacks.
Weekly Intelligence Summary 19 June 2020
Two malware variants used in simultaneous cyber-threat campaigns against United States utility entities have been linked to a single threat group.
Weekly Intelligence Summary 12 June 2020
The “Maze” group recently began collaborating with other ransomware operators by hosting their victims’ leaked data on the Maze News website.
Weekly Intelligence Summary 05 June 2020
The United States National Security Agency (NSA) released a cyber security advisory about the threat group “Sandworm”, likely a unit of the Russian GRU military intelligence agency.
Weekly Intelligence Summary 29 May 2020
A new ideologically motivated threat group, “CyberWare”, has been observed using ransomware in wiper attacks against companies it believes are conducting scams.
Weekly Intelligence Summary 22 May 2020
A threat group by the name of ShinyHunters has flooded dark web marketplaces and criminal forums with leaked databases belonging to at least 18 companies.
Weekly Intelligence Summary 15 May 2020
The apparent resurgence of advanced persistent threat (APT) group “Naikon” has established that “out of sight” does not mean “inactive”; despite scant reporting on the group in recent years, Naikon ha
Weekly Intelligence Summary 08 May 2020
Researchers have reported on active cyber-threat campaigns exploiting a cross-site scripting (XSS) vulnerability in a WordPress website theme.
Weekly Intelligence Summary 01 May 2020
From January to April 2020 the Vietnamese state-linked cyber-threat group “APT32” conducted intrusion attacks on Chinese entities, likely to collect intelligence on COVID-19 developments in the People
Weekly Intelligence Summary 24 Apr 2020
Following a likely ransomware attack targeting the Czech Republic’s second-largest hospital, the Czech National Cyber and Information Security Agency (NÚKIB/NCISA) released a warning detailing the imm
Weekly Intelligence Summary 17 Apr 2020
The persistent and financially motivated cybercriminal group “FIN6” has reportedly partnered with the operators behind the “TrickBot” banking trojan.
Weekly Intelligence Summary 03 Apr 2020
The cybercriminal group “FIN7” recently distributed malware via USB flash drives mailed to United States-based targets. Also included in the packages were fake letters, gift cards, and gifts to entice
Weekly Intelligence Summary 27 Mar 2020
This week an online troll took advantage of Zoom’s screen-sharing feature to subject participants of a daily public Zoom meeting to pornographic and other graphic content, disrupting an otherwise ...