CYFIRMA: Cybersecurity Dossier - Oct 13, 2023
Latest Cyberattacks, Incidents and Breaches


Threat Actor in Focus:

Cyber Attack in East Asia's Semiconductor Sector Linked to Chinese State Sponsorship?

Researchers have uncovered a cyber espionage campaign targeting the semiconductor industry in Mandarin/Chinese-speaking East Asian regions, including Taiwan, Hong Kong, and Singapore. The threat actors employed a variant of the HyperBro loader, using a lure related to Taiwan Semiconductor Manufacturing. The TTPs they employed overlap significantly with activities previously attributed to a cyber espionage group associated with the People's Republic of China; however, researchers cannot confirm the specific APT behind the attack. The HyperBro loader variant takes advantage of a digitally signed CyberArk binary for DLL side-loading, ultimately resulting in the execution of a Cobalt Strike beacon in the system's memory.



NORTH KOREA–RUSSIA SUMMIT: A NEW ALLIANCE IN CYBERSPACE?

On 13 September 2023, North Korean leader Kim Jong Un took a rare trip beyond his country’s borders – his first since 2020 – via a heavily armored train to Russia, where he met with Russian president Vladimir Putin. The visit stoked fears that there could be increased weapons and technology transfers between the two nations, both hostile to the West (and its partners in Asia), with North Korea providing Russia with munitions for its war in Ukraine in exchange for sensitive nuclear, missile and cyber knowhow. Around this time, North Korea unveiled a nuclear-capable submarine, with the additional stated intention of converting all existing medium-sized diesel submarines with nuclear attack capability to complete their nuclear triad of land, air, and marine missile launchers, none of which would be possible without external expertise.



MIDDLE EAST : A CYBER ARMS RACE?

Despite the superficial media image of the Middle East as a region where religious fanaticism dominates the political landscape, plain geopolitics in fact takes primacy over religious matters virtually all the time. We can even say the Middle East is the world’s hotbed of geopolitics, and as such, global geopolitical trends tend to manifest themselves early in the region. The inevitable digitization of Middle Eastern economies brings with it a growing exposure to the risk of cyber attacks, as political adversaries increasingly seek to exploit cyber-enabled vulnerabilities that have the potential to diminish an opponent’s economic and military power. The cyber realm has become the vanguard of geopolitical statecraft, with the Middle East serving as the hotbed of both geopolitics and, subsequently, the innovation and use of cyber intelligence collection, cyber warfare, and the integration of cyber warfare with kinetic means of conflict.



PHILIPPINES THREAT OVERVIEW

The Philippines faces significant cybersecurity challenges, making it highly susceptible to cyberattacks. Factors contributing to this vulnerability include widespread internet usage, a lack of cybersecurity awareness, and underdeveloped cybersecurity infrastructure. Notably, the country is a prime target for cyber espionage activities conducted by nations like China, North Korea, and Russia. The looming potential conflict over Taiwan adds an element of unpredictability to the regional security landscape, with cyber warfare being a significant concern. Recent trends indicate a surge in ransomware attacks within the Philippines, with sectors like finance, government, healthcare, education, and retail being primary targets. Over the past three months, the Medusa ransomware strain has inflicted severe damage globally, with the Philippines amongst the hardest-hit nations.



Ransomware of the Week

The CYFIRMA Research and Advisory Team identified the Megazord ransomware while monitoring various underground forums as part of the Threat Discovery Process. Megazord made its debut at the end of August 2023. This ransomware, written in the Rust programming language, contains numerous allusions to the Power Rangers franchise. It encrypts files, appends the 'powerranges' extension, and delivers the ransom note as 'powerranges.txt'.



Trending Malware of the Week

Researchers have discovered a new Android Trojan named GoldDigger, actively targeting financial organizations in Vietnam since June 2023. The malware disguises itself as a fake Android app, posing as both a Vietnamese government portal and a local energy company. GoldDigger's primary objective is to steal banking credentials by exploiting Accessibility Service to extract personal information, intercept SMS messages, and execute user actions. Additionally, the Trojan possesses remote access capabilities, making it a significant threat to the security of financial organizations in the region.



CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view to help clients prepare for impending attacks.


Visit www.cyfirma.com

