Plaintext: News You May Have Missed

Cybersecurity doesn't take a break. Every day there is something new: new attacks, new research, new threats. In this issue of Dark Reading in Plaintext, we pull together news reports from around the industry this week that you may have missed.

Here is an ICYMI digest to catch you up on some of the other important news this week.

First up: Neopets is the third gaming platform to be hit with a cyberattack in the past week (after Bandai Namco and Roblox). According to reports, the purveyor of virtual pets was robbed of its source code as well as the personal information of its 69 million users.

The SolarWinds Hackers Are Back. The group behind the supply chain attack on SolarWinds two years ago has been spotted using Google Drive to smuggle malware onto victim systems. The campaign, consisting of two waves of email-borne attacks between May and June, targeted foreign embassies in Portugal and Brazil. "In both cases, the phishing documents contained a [Google Drive] link to a malicious HTML file (EnvyScout) that served as a dropper for additional malicious files in the target network, including a Cobalt Strike payload," according to Unit 42's post this week.
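The dropper shape described above, an HTML file that assembles its payload inside the browser and hands it to the user as a download, is the kind of thing a mail or proxy filter can score without any sandbox. The Python below is an added illustration, not Unit 42's or Dark Reading's code: the indicator list, the weights and the threshold are assumptions chosen for the example, and both sample pages are constructed rather than real captures.

```python
"""Heuristic scan of an HTML file for browser-side dropper ("HTML smuggling")
indicators: a script that decodes an embedded blob and pushes a file download
to the user without any further server round-trip.

Added illustration only; not Unit 42's or Dark Reading's code. The indicator
list, weights and threshold are assumptions chosen for this example, and both
sample pages below are constructed, not real captures."""
import re

# (name, pattern, weight). Weights and the threshold are assumptions.
INDICATORS = [
    ("base64_decode", re.compile(r"\batob\s*\("), 2),
    ("blob_construct", re.compile(r"\bnew\s+Blob\s*\("), 2),
    ("object_url", re.compile(r"\bcreateObjectURL\s*\("), 2),
    ("legacy_save_blob", re.compile(r"\bmsSaveOrOpenBlob\s*\("), 2),
    ("download_attr", re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"), 1),
    ("auto_click", re.compile(r"\.click\s*\(\s*\)"), 1),
    ("container_ext", re.compile(r"\.(iso|img|vhd|zip|lnk)\b", re.I), 1),
    ("long_base64", re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"), 2),
]
SUSPICIOUS_THRESHOLD = 4


def scan_html(html):
    """Return the matched indicator names, their summed weight and a verdict."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(html)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    return {"indicators": hits, "score": score,
            "suspicious": score >= SUSPICIOUS_THRESHOLD}


# Constructed sample: an ordinary page with a small click handler.
BENIGN_HTML = """<html><body>
<button id="btn">Open report</button>
<script>
document.getElementById("btn").addEventListener("click", function () {
  window.location = "/reports/2022-q2.pdf";
});
</script></body></html>"""

# Constructed sample of the dropper shape (fake base64 filler, no real payload).
_FAKE_B64 = "QUJDREVG" * 40  # 320 base64 characters standing in for an embedded file
SMUGGLED_HTML = """<html><body><p>Loading document...</p>
<script>
var raw = atob("__B64__");
var bytes = new Uint8Array(raw.length);
for (var i = 0; i < raw.length; i++) { bytes[i] = raw.charCodeAt(i); }
var blob = new Blob([bytes], {type: "application/octet-stream"});
var name = "agenda.iso";
if (window.navigator.msSaveOrOpenBlob) {
  window.navigator.msSaveOrOpenBlob(blob, name);
} else {
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = name;
  document.body.appendChild(a);
  a.click();
}
</script></body></html>""".replace("__B64__", _FAKE_B64)

if __name__ == "__main__":
    for label, page in (("benign", BENIGN_HTML), ("smuggled", SMUGGLED_HTML)):
        print(label, scan_html(page))
```

The benign page scores 0; the constructed dropper trips every indicator. In practice the string indicators are easy to obfuscate, so treat a hit as a reason to detonate the attachment, not as proof on its own, and remember that legitimate download helpers use the same Blob and createObjectURL calls.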

APTs for Everyone. Several nation-state attacks became public this week.

  • Citizen Lab said that it had forensically confirmed that at least 30 individuals were infected with NSO Group's Pegasus mobile spyware in an extensive espionage campaign that took place late last year.
  • The government of Belgium disclosed a spate of attacks against its defense sector and public safety organizations, attributing them in a statement to China-linked threat groups including APT27, APT30, and APT31, as well as the actor tracked as Gallium (aka UNSC 2814).
  • Google's Threat Analysis Group flagged an odd false-flag operation in Ukraine involving the Russia-linked hacking group Turla.
  • Cisco Talos observed an unusual campaign targeting Ukrainian entities; it was unusual because the attack targeted a large software development company whose wares are used in various state organizations within Ukraine.

Speaking of Ukraine... US Cyber Command has disclosed 20 new strains of malware used against Ukrainian targets over the last few months. "Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them," US Cyber Command said in a statement on Wednesday.

Malvertising and Tech Support Scams. A malvertising campaign is abusing Google's ad network to redirect visitors to tech support scam infrastructure, according to Malwarebytes. "The threat actors are … purchasing ad space for popular keywords and their associated typos," researchers explained in a posting. "A common human behavior is to open up a browser and do a quick search to get to the website you want without entering its full URL. Typically a user will (blindly) click on the first link returned (whether it is an ad or an organic search result)."
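Defenders who want to watch for ads or domains bought on "associated typos" of their brand need the list of those typos first. The Python below is an added illustration, not Malwarebytes' or Dark Reading's code: it enumerates single-edit typos of a keyword (dropped key, doubled key, swapped neighbours, fat-finger substitution) and flags candidate terms that match. The QWERTY model (same-row neighbours only) and the sample keyword lists are simplifying assumptions made for the example.

```python
"""Enumerate single-edit typos of brand keywords and flag lookalike terms.

Added illustration only, not Malwarebytes' or Dark Reading's code. The QWERTY
adjacency model (same-row neighbours only) and the sample inputs are assumptions
made for this example."""

QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def _adjacent_keys(ch):
    """Left/right neighbours of ch on its QWERTY row (assumption: same row only)."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i >= 0:
            return {row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)}
    return set()


def typo_variants(keyword):
    """All strings one edit away from keyword: omission, doubled key,
    adjacent transposition and adjacent-key substitution. The keyword
    itself is never included."""
    kw = keyword.lower()
    out = set()
    for i, ch in enumerate(kw):
        out.add(kw[:i] + kw[i + 1:])                       # omission
        out.add(kw[:i] + ch + kw[i:])                      # doubled key
        if i + 1 < len(kw):
            out.add(kw[:i] + kw[i + 1] + ch + kw[i + 2:])  # transposition
        for n in _adjacent_keys(ch):
            out.add(kw[:i] + n + kw[i + 1:])               # fat-finger substitution
    out.discard(kw)
    return out


def flag_lookalikes(candidates, brands):
    """Map each candidate term (search keyword or domain label) to the brand it
    is a one-edit typo of. Exact brand names and unrelated terms are not flagged."""
    table = {}
    for brand in brands:
        for variant in typo_variants(brand):
            table.setdefault(variant, brand)
    return {c: table[c.lower()] for c in candidates if c.lower() in table}


# Constructed sample: terms seen in ad placements, checked against two brands.
SAMPLE_BRANDS = ["paypal", "amazon"]
SAMPLE_TERMS = ["paypla", "paypal", "amazom", "weather"]

if __name__ == "__main__":
    print(sorted(typo_variants("paypal")))
    print(flag_lookalikes(SAMPLE_TERMS, SAMPLE_BRANDS))
```

The output of the sample run flags "paypla" and "amazom" and leaves the genuine brand name and "weather" alone. The same variant set is what you would feed to an ad-transparency search or a passive-DNS query to spot typo terms a scammer has bought ahead of you.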

Finally... The Transportation Security Administration issued revised cybersecurity directives for oil and gas pipeline operators after extensive input from federal regulators and private industry stakeholders in the wake of the May 2021 ransomware attack on Colonial Pipeline. The directives are more focused on performance-based measures, such as requiring operators to submit a cybersecurity implementation plan to TSA; develop an incident response plan to respond to attacks; and establish a longer-term assessment program to proactively test and audit cybersecurity measures.

Headlines on Tap

There is no shortage of data dumps, but three caught our attention:

  • The Daily Beast reports that the hacktivist collective Anonymous dumped more than 150 gigabytes of identifying, previously private data on the customers of Epik, a domain registrar and web host infamous for lending safe harbor to sites with far-right and extremist views. The clientele list includes sites associated with the Proud Boys, 8chan, Parler, and QAnon conspiracy groups.
  • According to BleepingComputer, identity management company Entrust confirmed it was breached by a ransomware gang in June that stole data from its internal systems; what was taken has not been disclosed. Entrust's products are used by a number of US government agencies, including the Department of Energy, Department of Homeland Security, Department of the Treasury, Department of Health & Human Services, Department of Veterans Affairs, Department of Agriculture, and many more.
  • Per Cyberscoop, pro-choice hacktivists leaked more than 74 gigabytes of data connected to evangelical organizations as part of an effort to rally support against groups that backed the Dobbs v. Jackson ruling reversing Roe v. Wade.

On That Note

Black Hat USA is less than three weeks away. Here at Dark Reading, we will highlight some of the research being presented on Aug 10 and Aug 11.

One talk we are looking forward to is the analysis of Sandworm and the Industroyer2 malware by ESET's Robert Lipovsky and Anton Cherepanov. They plan to reveal technical details about Sandworm that haven't yet been made public, as well as share recommendations for utilities on defending against the nation-state group's attacks.
