New malware threats, Iran targets Trump – here's what you need to know
Thomas Murray
Global Risk Intelligence | Safeguarding clients and their communities since 1994
Iran-linked threat groups target US presidential election?
Google recently announced the disruption of a sophisticated hacking campaign conducted by the Iran-linked group APT42 (also known as Calanque or UNC788). This campaign targeted the personal email accounts of people connected to President Biden and former President Trump.??
Google detected and blocked multiple attempts by APT42 to access the personal email accounts of these individuals, with successful breaches reported across various email providers, including a high-profile political consultant’s Gmail account.?
This breach, first reported by POLITICO, has raised concerns about foreign interference in the 2024 US presidential election in November. The Trump campaign referenced an incident in June where a spear-phishing email, attributed to another Iranian group, Mint Sandstorm, was sent to a high-ranking campaign official.?
Newly identified Android malware empties accounts, wipes devices?
BingoMod, a newly identified Android malware, can wipe devices after depleting its victims' bank accounts. Spread via text messages, the malware disguises itself as a legitimate mobile security tool and can steal up to €15,000 per transaction.?
Distributed via smishing (SMS phishing) campaigns, BingoMod disguises itself as other legitimate mobile security tools, like APP Protection, Antivirus Cleanup, Chrome Update, and others. It sometimes mimics the icons of legitimate apps such as AVG AntiVirus and Security.?
Key features and techniques?
BingoMod is currently in v1.5.1 and appears to be in early development, with ongoing efforts to enhance its evasion capabilities.??
Qilin ransomware upgrades, now steals Google Chrome credentials??
The Qilin ransomware group first emerged in October 2022. It is believed to be linked to Russia-based threat actors and has targeted a diverse range of industries.??
On 3 June 2024, Qilin targeted Synnovis , an outsourced lab service provider for NHS hospitals in south-east London. It claimed to have exfiltrated hospital and patient data and demanded a US$50m ransom. After unsuccessful negotiations, Qilin leaked the entire stolen dataset.?
Qilin group is known for these “double extortion” tactics, where data is both encrypted and stolen, with the threat of public exposure if the ransom isn't paid.??
However, while investigating the Synnovis breach cyber security researchers made a troubling discovery – Qilin now specifically targets credentials stored in Google Chrome browsers. Chrome commands around 65% of the browser market, so access to the credentials stored in it could allow attackers to infiltrate financial accounts, emails, cloud storage, and business applications.?
The evolving tactics of Qilin underscore the critical need for organisations to continuously monitor threats and adapt their security strategies. Key protective measures include:?
Additionally, it is essential that all network systems, including operating systems and web browsers, are fully patched.?
HackRead ?
US prison for Russian who sold logins to nearly 3,000 accounts???
Georgy Kavzharadze has been sentenced to prison in the United States for his role in selling stolen credentials on the dark web marketplace Slilpp. He’ll also have to pay back US$1.2m from fraudulent transactions he enabled.??
The 27-year-old from Moscow operated from July 2016 until May 2021, when Slilpp was taken down by international law enforcement in a coordinated operation. Authorities arrested Kavzharadze a year later and extradited him to the US, although from which country has not been disclosed.?
The Slilpp marketplace, which had been in operation for nearly a decade, facilitated the sale of more than 80m credentials, causing estimated damages exceeding US$200m worldwide.??
Kavzharadze’s activities on Slilpp were extensive, with over 297,300 credentials sold and more than 626,000 listed during his five-year involvement. Authorities linked Kavzharadze to over $200,000 in Bitcoin withdrawals from the site between 2016 and 2018, a sum now valued at more than $450,000.?
领英推荐
Shortage protocols activated after ransomware attack on US blood bank?
A major ransomware attack on OneBlood, a major non-profit blood bank serving hospitals across Florida, Georgia, and the Carolinas in the US, has severely disrupted its operations.?
The attack compromised its software systems, leading to a reduction in operational capacity and slowing down processes.??
While OneBlood is still functioning, for now it is reliant on manual procedures – apart from being slower and less efficient, this is having an effect on inventory management and blood availability. To ease the burden, the organisation has requested that the more than 250 hospitals it serves activate their critical blood shortage protocols.?
OneBlood is actively working with anti-malware experts and various agencies to manage the incident and restore full functionality to its systems. The specific details of the ransomware involved are not yet known.??
This incident underscores a troubling trend of ransomware attacks targeting the healthcare sector, exemplified by recent attacks from sophisticated threat actors such as North Korean advanced persistent threat (APT) groups.?
TDECU data breach affects half a million people?
The Texas Dow Employees Credit Union (TDECU) recently reported a significant data breach that affected the personal information of 500,474 people.??
TDECU was founded in the mid-1950s by employees of Dow Chemical Company but has since grown through mergers and acquisitions.?
The breach occurred on 29 May 2023, but was not discovered until over a year later. According to TDECU’s notification, the incident was linked to the MOVEit vulnerability.??
The credit union provided several recommendations to those who may have been affected, including:??
Did you know?
Cyber Risk
We bring the best of our collective experience, energy and creative power to fiercely safeguard our clients and fortify their communities. Learn more