New NK hackers, Dutch bank breached, Wayback Machine attacked
In today’s cybersecurity news…
New North Korean hacking group emerges
A North Korean hacking group has been formally identified by Microsoft and given the name Moonstone Sleet, an upgrade from its earlier placeholder name Storm-1789 (Microsoft's "Storm" designations are temporary labels for activity clusters not yet attributed to a named actor). Moonstone Sleet appears to share techniques and code with another North Korean group, Diamond Sleet. Currently its TTP portfolio includes "setting up fake companies and job opportunities to engage with potential targets, deploying trojanized versions of legitimate tools, and creating malicious games and custom ransomware."
Dutch bank ABN Amro discloses data breach
This breach has been announced as the result of a ransomware attack suffered by a third-party vendor, AddComm, a company that distributes documents and tokens physically and digitally to clients and employees. AddComm has contained the incident and is investigating what data may have been accessed, and ABN Amro has stopped using this vendor's services. The bank also states that there are currently no indications that attackers have used the data of its customers.
Microsoft Exchange Server flaws exploited to deliver malware in Africa and Middle East
Researchers at Positive Technologies have discovered a previously unknown keylogger embedded in the main Microsoft Exchange Server login page, being used to collect account credentials. The researchers identified more than 30 victims located in Russia and several countries in Africa and the Middle East, most of whom were linked to government agencies. The researchers say the malware campaign targeting MS Exchange Server has been active since at least 2021 and has been exploiting ProxyShell vulnerabilities. No threat group has been attributed to this campaign.
RansomHub claims attack on Christie’s
Following up on a story we covered March 14, a criminal group named RansomHub is now claiming to be behind the cyberattack on the British auction house Christie’s. First announced as a “technology security incident,” it has now become a ransomware situation with data having been posted on the RansomHub leak site. Christie’s has confirmed that “the group behind the incident took some data from the Christie’s network, including a limited amount of personal data relating to some of our clients.” Christie’s is the world’s largest auction house by revenue and these clients include some of the world’s wealthiest art collectors. Its CEO said there was “no evidence of any financial or transactional data related to our clients or to Christie’s being taken or copied.”
(The Record)
Thanks to today’s episode sponsor, Vanta
Internet Archive, including Wayback Machine, impacted by DDoS
Described by Brewster Kahle, Founder and Digital Librarian of the Internet Archive, as "sustained, impactful, targeted, adaptive, and importantly, mean," this DDoS attack started on May 26 and has taken the service offline intermittently since. The Internet Archive provides free access to millions of historical documents, preserved websites and media content, including the famous Wayback Machine, which shows what your company's website looked like at certain points over the past decades. The source of the attack is currently unknown.
CatDDoS increases attacks
Researchers at China’s QiAnXin XLab have noted a surge in activity involving a Mirai DDoS botnet variant called CatDDoS. These attacks have focused on a range of organizations including cloud vendors, communication providers, construction companies, scientific and research entities, and educational institutions, in the U.S., France, Germany, Brazil, and China. After having dropped out of sight in December, it has returned with a vengeance, exploiting at least 80 different vulnerabilities in its new campaign.
(Dark Reading)
Seattle Public Library suffers attack
The attack, which began last Saturday, disabled computers and the online catalog for the library's 27 branches, which together serve 800,000 residents. There is no estimated time of recovery, but the library system will remain open to lend books and CDs manually. This is just one of a long list of library attacks in recent years, which, according to The Record, has prompted U.S. officials to "propose the creation of a program specifically designed to collect data about cybersecurity measures and advanced firewall services that would best help libraries defend themselves from hackers."
(The Record)
New report looks at the security dangers of inadequate offboarding
Wing Security says that 63% of businesses may have former employees who still have access to organizational data. Inadequate or insufficient offboarding practices, the company says, often occur during periods of mass layoffs, citing the 80,000 tech employees who were made redundant in the first half of 2024 alone, "especially considering that the average employee uses 29 different SaaS applications." The report cites four distinct risks: data breaches, compliance violations, insider threats, and intellectual property theft. The company's recommendation is to use automation in SaaS Security Posture Management (SSPM). A link to the report is available in the show notes to this episode.
(The Hacker News and Wing Security)
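The core of the automation the report recommends is a reconciliation: compare the HR system's list of who still works here against each SaaS application's list of who can still log in, and flag the difference. The script below is an added example written for this summary, not code from the podcast, Wing Security, or any SSPM product. The HR roster, the application user exports, the audit date and the application names are all constructed sample data; a real deployment would pull the roster from the HR system and the user lists from each application's admin API, but the matching logic is the same.

```python
"""Flag active SaaS accounts that belong to former employees or to nobody in HR.

Added example for the offboarding item above; it is not the podcast's or
Wing Security's code. All data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Finding:
    app: str                         # application the account lives in
    account: str                     # identifier exactly as the app exported it
    reason: str                      # "former_employee" or "unknown_identity"
    termination_date: Optional[date]
    days_since_termination: Optional[int]


# Constructed HR roster: email -> termination date, None means still employed.
HR_ROSTER = {
    "alice@example.com": None,
    "bob@example.com": date(2024, 3, 1),
    "carol@example.com": date(2024, 5, 10),
    "dave@example.com": None,
}

# Constructed per-application user exports: app -> [(account, status), ...].
# Note the mixed-case login in "ci-platform" and the service account with no
# HR owner; both are typical of what a real export contains.
SAAS_USERS = {
    "crm": [
        ("alice@example.com", "active"),
        ("bob@example.com", "active"),
        ("carol@example.com", "suspended"),
    ],
    "ci-platform": [
        ("Bob@Example.com", "active"),
        ("svc-deploy@example.com", "active"),
    ],
    "chat": [
        ("dave@example.com", "active"),
        ("mallory@example.com", "active"),
    ],
}

# Constructed audit date so the example is reproducible offline.
AUDIT_DATE = date(2024, 5, 31)


def normalize(account: str) -> str:
    """Trim and lower-case so 'Bob@Example.com' matches the HR record."""
    return account.strip().lower()


def find_orphaned_access(roster, saas_users, today, grace_days=0):
    """Return Findings for every active account with no current employee behind it.

    grace_days lets a team ignore terminations newer than its offboarding SLA,
    so the report shows only access that has outlived the agreed window.
    """
    findings = []
    for app, users in saas_users.items():
        for account, status in users:
            if status != "active":
                continue  # already disabled; nothing to revoke
            email = normalize(account)
            if email not in roster:
                # No HR identity at all: shared or service account needing an owner.
                findings.append(Finding(app, account, "unknown_identity", None, None))
                continue
            terminated = roster[email]
            if terminated is None:
                continue  # current employee, access is expected
            days = (today - terminated).days
            if days < grace_days:
                continue  # still inside the offboarding window
            findings.append(Finding(app, account, "former_employee", terminated, days))
    # Former employees first, longest-standing access at the top.
    findings.sort(key=lambda f: (f.reason, -(f.days_since_termination or 0), f.app))
    return findings


def summarize(findings):
    """Count findings per application, the view an SSPM dashboard would show."""
    counts = {}
    for f in findings:
        counts[f.app] = counts.get(f.app, 0) + 1
    return counts


def run_audit(grace_days=0):
    return find_orphaned_access(HR_ROSTER, SAAS_USERS, AUDIT_DATE, grace_days)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.app:12} {f.account:26} {f.reason:17} {f.days_since_termination}")
    print(summarize(run_audit()))
```

On the constructed data the audit reports four accounts: the former employee "bob" still active in two applications 91 days after termination, plus two accounts with no HR identity behind them. Raising `grace_days` above 91 drops the former-employee findings and leaves only the ownerless accounts, which is the kind of tuning that keeps such a report actionable rather than noisy.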