Cyber Briefing - 2023.09.19
What's the latest in the cyber world today?
Ambersquid, Cryptojacking Operation, China, Earth Lusca, SprySOCKS, Linux, Backdoor, APT36, YouTube, Spyware, Bumblebee Malware, Juniper Networks Firewalls, Germany, Gas terminals, Mark Cuban, MetaMask, Microsoft Data Expose, USDoD, TransUnion, MOVEit, North Carolina, Healthcare, Lazarus APT, North Korea, Crypto, Pig Butchering, Texas Army National Guard, Chilean Army, Dragos, Inc.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
A cloud-native cryptojacking campaign, known as Ambersquid, has emerged as a significant threat, focusing its efforts on lesser-known Amazon Web Services offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker to surreptitiously mine cryptocurrencies. This operation was uncovered by Sysdig, a prominent cloud and container security firm, which revealed that Ambersquid was able to exploit AWS services without raising resource approval alerts.
A Chinese threat actor known as 'Earth Lusca' has been targeting government agencies across multiple countries, employing a newly discovered Linux backdoor called 'SprySOCKS.' This malware, analyzed by Trend Micro, appears to be a fusion of different malware strains, borrowing functions from both Windows and Linux malware. Earth Lusca's attacks, primarily focused on foreign affairs, technology, and telecommunications institutions, spanned Southeast Asia, Central Asia, the Balkans, and other regions.
The APT36 hacking group, also known as 'Transparent Tribe,' has been spotted employing deceptive Android applications resembling YouTube to propagate their custom remote access trojan, 'CapraRAT.' Once the malware infiltrates a victim's device, it operates like a spyware tool, enabling data harvesting, audio and video recording, and access to sensitive communication data.
The notorious malware loader known as 'Bumblebee' has reemerged after a two-month hiatus, launching a fresh campaign that leverages innovative distribution methods exploiting 4shared WebDAV services. Intel471's researchers have uncovered this latest offensive, which commenced on September 7, 2023, and capitalizes on 4shared WebDAV services for loader distribution and post-infection activities.
New research has unveiled a significant security risk, as nearly 12,000 internet-exposed Juniper firewall devices are susceptible to a recently disclosed remote code execution vulnerability. Discovered by VulnCheck, this exploit for CVE-2023-36845 poses a grave threat, allowing unauthenticated remote attackers to execute arbitrary code on Juniper firewalls without leaving any trace. The issue affects older systems and can be exploited using a single cURL command, making it essential for users to promptly apply patches to safeguard their networks against potential cyber threats.
Germany's foreign intelligence service head, Bruno Kahl, has cautioned about the vulnerability of liquefied natural gas (LNG) terminals to state-sponsored cyberattacks. In response to Russia's impact on Germany's GDP due to gas dependency, the country initiated plans for new LNG terminals, which Kahl believes could become targets for future cyber threats. He emphasized Russia and China as major cyber threats to Germany, noting that even smaller states like North Korea, Vietnam, and Iran are investing in cyber capabilities to achieve significant impacts in the digital realm.
Cyber Incidents
Billionaire entrepreneur and investor Mark Cuban recently faced an unfortunate crypto hack, resulting in an $870,000 loss in various cryptocurrencies stored in his MetaMask wallet, as reported by DL News. The attack was discovered by on-chain investigator Wazz, who noticed unusual transactions in the wallet that had been dormant for over five months, labeled “Mark Cuban 2” on EtherScan.
Researchers at Wiz have uncovered a significant security breach at Microsoft involving the exposure of 38 terabytes of private data during a routine open-source AI training material update on GitHub. The exposed data encompasses a backup of employees' workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The breach occurred due to a misconfiguration in sharing Azure Storage account data using SAS tokens.
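As an added defender-side example (not from the newsletter or from Wiz's report), the script below checks an Azure Storage SAS URL for the settings that turn a sharing link into a broad exposure: account-wide scope, mutating or list permissions, and a far-future expiry. The account name "contoso", the URLs and the signature value are constructed placeholders.

```python
# Audit an Azure Storage SAS URL for over-permissive settings.
# Constructed example: account name, paths and the "sig" value are placeholders.
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Constructed sample links; a real "sig" carries the HMAC over the token fields.
RISKY_SAS = ("https://contoso.blob.core.windows.net/?sv=2021-06-08&ss=b&srt=sco"
             "&sp=rwdlac&se=2051-01-01T00:00:00Z&sig=PLACEHOLDER")
SCOPED_SAS = ("https://contoso.blob.core.windows.net/models/weights.bin"
              "?sv=2021-06-08&sr=b&sp=r&se=2023-09-26T00:00:00Z&sig=PLACEHOLDER")
NOW = datetime(2023, 9, 19, tzinfo=timezone.utc)  # fixed clock for reproducibility


def _parse_expiry(value):
    # SAS times are ISO 8601 UTC: a full timestamp, minutes only, or a bare date.
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def audit_sas_url(url, now=NOW, max_lifetime=timedelta(days=7)):
    """Return (code, message) findings; an empty list means nothing was flagged."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if "sig" not in q:
        return [("not-sas", "no sig parameter: not a SAS URL")]
    findings = []
    # ss (services) / srt (resource types) only appear on an account SAS,
    # which spans every container in the storage account.
    if "ss" in q or "srt" in q:
        findings.append(("account-sas", "account-level SAS, not scoped to one blob or container"))
    perms = set(q.get("sp", ""))
    mutating = perms & set("wdac")  # write, delete, add, create
    if mutating:
        findings.append(("write-perms", "grants mutating permissions: " + "".join(sorted(mutating))))
    if "l" in perms:
        findings.append(("list-perm", "list permission lets a holder enumerate every object in scope"))
    expiry = _parse_expiry(q.get("se", ""))
    if expiry is None:
        findings.append(("no-expiry", "missing or unparseable se (expiry)"))
    elif expiry - now > max_lifetime:
        findings.append(("long-lived", f"expires {expiry.date()}, beyond the {max_lifetime.days}-day policy"))
    return findings


if __name__ == "__main__":
    for name, link in (("risky", RISKY_SAS), ("scoped", SCOPED_SAS)):
        print(name, audit_sas_url(link) or "no findings")
```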
Sensitive data from consumer credit reporting agency TransUnion has been leaked by a threat actor known as "USDoD," according to vx-underground researchers. The breach includes personal information of 58,505 individuals across the globe, with details such as names, passport information, birthdates, employment data, financial transactions, credit scores, and more.
Healthcare technology firm Nuance has identified the Cl0p extortion gang as responsible for a series of data thefts at major North Carolina hospitals during the Progress MOVEit Transfer campaign. This campaign, which exploited a zero-day vulnerability in the MOVEit Transfer platform, affected healthcare providers like Atrium Health, Duke University Health System, and Novant Health, among others.
Cyber News
A recent report from blockchain cybersecurity firm Elliptic reveals that the North Korea-linked APT group Lazarus has managed to steal over $240 million worth of cryptocurrency in just 104 days since June 2023. Their targets include Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), Stake.com ($41 million), and the professional global cryptocurrency exchange CoinEx ($31 million).
Spanish police, in collaboration with Europol and Interpol, have dismantled a sophisticated illegal betting and match-fixing ring. This criminal network, initially identified in 2020, engaged in corrupting athletes, including football players in Romania, and placing suspicious bets on various sporting events. What makes this case unique is their use of satellite technology to gain an advantage by obtaining live feeds of matches before legitimate bookmakers, allowing them to make bets with insider knowledge.
Researchers from Sophos have unveiled a highly sophisticated cryptocurrency scam, dubbed 'pig butchering,' which has stolen over $1 million in just three months. The operation involved 14 domains and numerous nearly identical fraudulent websites, with scammers using fake trading pools in decentralized finance apps to defraud victims.
The Texas National Guard and the Chilean Army have conducted a joint cybersecurity exercise in Santiago, focusing on enhancing their capabilities and addressing vulnerabilities in the event of a cyber attack. This exercise, part of the long-standing State Partnership Program, aimed to strengthen the bonds between the two countries' military forces and bolster their readiness to respond to cyber threats. The collaboration underscores the importance of international cooperation in the face of evolving cybersecurity challenges and the need for ongoing skills development in the cyber-intelligence field.
A significant $74 million investment is set to fuel Dragos' expansion plans in Europe and Asia, with a particular focus on enhancing operational technology (OT) security in these regions. The investment comes as updated cybersecurity regulations impact smaller organizations in the European Union, and as cyber insurance providers increasingly require the use of security tools like those provided by Dragos to combat the growing threat of ransomware.
Copyright © 2023 CyberMaterial. All Rights Reserved.