Middle East Threat Landscape, LockBit Update, Operation Pandora, and More

Welcome back to our comprehensive coverage of the latest cybersecurity news and developments from around the world. Our team has meticulously curated some of the most impactful and intriguing stories in the field to keep you informed and up-to-date. However, our coverage doesn't stop here. If you want a more extensive and in-depth overview of the latest cybersecurity stories, visit our website at www.cloudsek.com.

Middle East Cyber Threat Landscape Report - April 2024

Author: Abhinav Pandey

CloudSEK’s Threat Research team has been meticulously monitoring the evolving cyber threat landscape in the Middle East region in the context of the recent instability in the region. The report offers a comprehensive analysis of the cyber threat landscape in the Middle East region, examining both qualitative attacks orchestrated by Advanced Persistent Threat (APT) groups and quantitative cyber incidents perpetrated by hacktivist groups. We delve into recent breaches, targeted attacks, and emerging threats, providing insights into the motivations, tactics, techniques, and procedures (TTPs) of prominent hacktivist groups like Anonymous and their affiliates.

Additionally, we explore the operations of Iranian state-sponsored APT groups, including APT33, APT34, APT35, and APT39, analyzing their objectives and targets across government agencies, defense contractors, and critical infrastructure.


CloudSEK News

Unsecured Blob Storage Results in Leak of Nearly 1 Million Telecom Customer Details

The personal information of nearly 1 million Indian telecom customers was compromised in a data leak, raising concerns about cybersecurity practices. CloudSEK, a leading cybersecurity firm, discovered the leak on April 23rd, 2024, and traced it back to a vendor for a Rajasthan-based telecom company.

CloudSEK researchers deep-dived into the details of the leak, the exposed data, potential consequences, and recommended mitigation strategies for both the telecom company and its customers.


LockBit on Lockdown: Darknet Site Back Online, This Time With Police in Control

  • LockBit ransomware gang’s darknet extortion site reappeared under police control.
  • Site was previously used to publish stolen victim data.
  • Now, it’s used to showcase information retrieved by law enforcement.
  • New information about the gang to be revealed on May 6th, 14:00 UTC.
  • Police claim deeper access than initially admitted by the gang’s leader.


Operation PANDORA: International Raids Across Europe Nab 21 Suspects in Multi-Million Euro Fraud Call Center Operation

  • Operation Pandora: A large-scale international law enforcement effort targeting phone scam call centers.
  • Takedown: 12 call centers were raided across Albania, Bosnia-Herzegovina, Kosovo, and Lebanon.
  • Arrests: 21 individuals arrested.
  • Victims Saved: Over 7,500 potential victims protected from fraud, totaling over €10 million saved.


Alleged Data Leak at Secure Parking India Could Affect Over 1 Million Customers

A security breach at Secure Parking (India) has potentially compromised the personal information of over 1 million customers. Cybersecurity researchers discovered the leak, which is being attributed to a threat actor known as Dawn of Devil.

According to reports, notorious threat actor Dawnofdevil claims to possess a database belonging to Secure Parking.co.in, a company operating car parking facilities at different locations in India. The leaked data is said to be around 1 GB in uncompressed form and 101 MB compressed.


Dropbox Sign Security Breach Exposes Customer Data: What You Need to Know

  • Hackers breached Dropbox Sign, an e-signature platform.
  • Breached data includes emails, usernames, phone numbers, hashed passwords, and some authentication information.
  • Data of users who signed documents but didn’t create accounts (emails and names) was also exposed.
  • No evidence of document or agreement access or breach of other Dropbox services.


Philadelphia Inquirer Data Breach Exposes Information of Over 25,000 Individuals

  • Philadelphia Inquirer’s systems were breached in May 2023, impacting print publishing.
  • An unauthorized party accessed and copied files between May 11-13, 2023.
  • The investigation is ongoing, but the attack seems financially motivated.


Cyberattack Forces Closure of London Drugs Stores in Western Canada

  • London Drugs closed all stores in Western Canada due to a cybersecurity incident.
  • The company hired cybersecurity experts to investigate and contain the attack.
  • No evidence of customer or employee data breach found yet.
  • Urgent pharmacy needs can be addressed by calling local pharmacies.
  • London Drugs hasn’t notified authorities as there’s no indication of data compromise.


Massive Data Breach in NSW and ACT Clubs: Over a Million Records Exposed

  • Major data breach exposes personal information of pub & club patrons in NSW & ACT.
  • Outabox, a sign-in system provider, is at the center of the incident.
  • Leaked data potentially includes names, addresses, & ID photos/signatures.
  • Dozens of venues were affected, including 16 clubs & several pubs (Merivale claims no breach yet).


Cuttlefish Malware: Eavesdropping on Routers, Targeting Cloud Accounts

  • Cuttlefish malware targets SOHO routers to steal login information.
  • It steals data from web traffic passing through the router.
  • Focuses on credentials for cloud services like AWS and Azure.
  • The malware can hijack internal network traffic and manipulate DNS.
  • It uses stolen credentials to access the victim’s cloud resources.



Australian Businesses Hit by Cyberattacks from Iranian Hacktivist Group

In a string of digital onslaughts, a hacktivist group, identifying as the Cyber Fattah Team from Iran, launched a series of cyberattacks targeting small- to medium-sized businesses across Australia.

Intel gathered by CloudSEK researchers from underground forums shows the Cyber Fattah Team, known for its pro-Palestinian stance, first emerged on the cyber scene on January 29, 2021.



Do you want to contribute towards this Newsletter? Here is your chance to let the readers know your side of the story. Mail us at [email protected]


-- See you in the next edition with more!!

With a focus on both APT groups and hacktivist activities, the report offers a comprehensive analysis of recent breaches and targeted attacks.
