Weekly Intelligence Summary 17 Jan 2020

The United States National Security Agency (NSA) released a cyber security advisory about the threat group “Sandworm”, likely a unit of the Russian GRU military intelligence agency.

A new ideologically motivated threat group, “CyberWare”, has been observed using ransomware in wiper attacks against companies it believes are conducting scams.

A threat group by the name of ShinyHunters has flooded dark web marketplaces and criminal forums with leaked databases belonging to at least 18 companies.

The apparent resurgence of advanced persistent threat (APT) group “Naikon” has established that “out of sight” does not mean “inactive”; despite scant reporting on the group in recent years, Naikon ha

Researchers have reported on active cyber-threat campaigns exploiting a cross-site scripting (XSS) vulnerability in a WordPress website theme.

From January to April 2020 the Vietnamese state-linked cyber-threat group “APT32” conducted intrusion attacks on Chinese entities, likely to collect intelligence on COVID-19 developments in the People

Following a likely ransomware attack targeting the Czech Republic’s second-largest hospital, the Czech National Cyber and Information Security Agency (NÚKIB/NCISA) released a warning detailing the imm

The persistent and financially motivated cybercriminal group “FIN6” has reportedly partnered with the operators behind the “TrickBot” banking trojan.

APT37 re-emerges, exploits cloud for espionage

The cybercriminal group “FIN7” recently distributed malware via USB flash drives mailed to United States-based targets. Also included in the packages were fake letters, gift cards, and gifts to entice

This week an online troll took advantage of Zoom’s screen-sharing feature to subject participants of a daily public Zoom meeting to pornographic and other graphic content, disrupting an otherwise ...

Microsoft and partners in 35 countries have taken legal and technical steps to disrupt the highly prolific “Necurs” botnet. Analysis of the domain generation algorithm (DGA) used by Necurs led to iden

The financially motivated threat actor “TA505” has continued unleashing phishing-related cyber attacks in late 2019 and early 2020, regularly debuting new or updated malware to better evade detection

In the Spotlight this week: The “Cerberus” banking trojan was observed stealing one-time password (OTP) codes from the Google Authenticator app to gain access to user accounts.

After a two-year hiatus, the “OurMine” group has conducted three cyber campaigns in 2020, compromising organizations’ social media accounts to promote the group’s own security services.

With the Tokyo 2020 Olympic Games fast approaching, the cyber security concerns and evolving attack methods are already taking centre stage of threat intelligence discussions

A recently discovered campaign has used the legitimate storage services of BitBucket to facilitate malware distribution and increase the perceived trust between an unknown threat actor and a targeted

The recent disclosure of a vulnerability in Citrix devices was quickly followed by multiple exploitations before patches were introduced, reflecting the danger of announcing a critical vulnerability w

The “Fractured Statue” cyber-threat campaign of 2019 has highlighted the difficulties in naming perpetrators based on overlapping tools and tactics. The campaign, carried out over four months and targ

During the past 12 months, Digital Shadows has observed a rise in “mobile malware”―the use of malware targeting mobile devices/operating systems (OS)―as well as legitimate apps used maliciously.