Weekly Cyber Digest

05 May 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Cisco Firepower Threat Defense
Delta Electronics DIAEnergie
Cisco FirePOWER Management Center
IBM Cloud
Cisco ASA Adaptive Security Appliance

Deep & Dark Web
Name Heat 7
Ledger Nano S
Paxful
TikTok
South Park
Windows 7

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
| Company | Information | Affected |
| --- | --- | --- |
| Elgin County (US) | The county experienced technical disruptions between April 1st and April 27th, 2022, that impacted its website and email communications. On April 25th, 2022, Conti ransomware reportedly added the county to their leak site, along with at least one 40MB ZIP file, and indicated that 10% of allegedly stolen data had been published. The listing has since been removed and it remains unclear if any personal or sensitive data was exfiltrated. | Unknown |
| Battelle for Kids (US) | Current and former Lakota Local Schools students may have been impacted in a ransomware attack against Battelle for Kids. Information provided to the company includes student names, state student IDs, grade level, school year, assessment results, as well as dates of birth, teacher name and class. | Unknown |
| Mattel and Danaher (US) | Stormous ransomware claims to have stolen data from the companies, which they threatened to leak. | Unknown |
| myNurse (US) | On March 7th, 2022, an unauthorised individual accessed protected health data of users. Potentially compromised information includes names, phone numbers, dates of birth, medical histories, health insurance information, and more. | Unknown |
| Los Angeles County Department of Mental Health (US) | Unauthorised access occurred between October 19th and October 21st, 2021, after several employees fell victim to a phishing attack. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, medical and health information, health insurance information, financial account numbers, and more. | Unknown |
| Valley View Hospital (US) | An unauthorised third party gained access to four employee email accounts following a phishing scam. The personal data of hospital employees and patients is thought to be impacted. Potentially compromised information includes names, dates of birth, Social Security numbers and driver’s licences. | ~ 21,000 |
| CPQD iD (Brazil) | The blockchain service, used by the Central Bank of Brazil, was allegedly hacked by the LV ransomware group. The group stated they managed to steal 1.8TB of data, including blockchain servers. CPQD stated that no personal data has been leaked and that no customer solutions have been compromised. | Unknown |
| Multiple Russian companies | Anonymous leaked a 1.7TB archive allegedly belonging to Elektrocentromontazh and a 1.1TB archive from ALET OOO. Network Battalion 65 leaked a 542GB archive from Petersburg Social Commercial Bank, and claim to have hacked the payments company QIWI and stolen the credit card details of 12.5 million clients. | Unknown |
| Kellogg Community College (US) | On May 1st, 2022, college officials disclosed that recent technology issues were caused by a ransomware attack that continues to affect systems. Campuses will remain closed, and classes have been cancelled until they can continue safely. | Unknown |
| EKZ (Germany) | LockBit ransomware added the company to their leak site and published allegedly stolen data on April 28th, 2022. They claim to have published 100% of the stolen data. | Unknown |
| Henry Company (US) | The company suffered a data breach following a ransomware attack between January 22nd and 29th, 2022. Potentially compromised data includes Social Security numbers, driver’s licence numbers, and identification numbers. | Unknown |
| Nordic Choice Hotels (Finland) | Kämp and F6 hotels suffered data breaches after their supplier, Sabre, had a data leak in their booking system between February 10th and February 14th, 2022. Potentially compromised information includes names, addresses, telephone numbers, email, and booking dates. | 15,947 |
| Worcester County (US) | The county was the victim of a phishing attack between November 10th and November 20th, 2020, that resulted in the breach of a Worcester County Government (WCG) email address. The personal information of WCG and Board of Education employees was contained in the account. | 3,000 |
| Breastcancer.org (US) | A misconfigured and publicly available Amazon S3 bucket exposed over 350,000 files, totaling around 150GB of data. Included in the files were sensitive images belonging to users, several of which included images of nudity and results from medical tests. A portion of these images contained detailed EXIF data. | 50,000 |
| Transport for New South Wales (Australia) | An unauthorised third party accessed some of the Authorised Inspection Scheme online application’s user accounts. Information stored in the online application includes full name, address, phone number, email address, date of birth, and driver’s licence. | Unknown |
| National Directorate of Intelligence (Peru) | On April 27th, 2022, Conti ransomware claimed to have hacked the department’s website. The group has threatened to publish what it claims to be sensitive data if the government ignores paying the ransom. They added that there was no data encryption on the agency’s network. | Unknown |
| FactWire (Hong Kong) | The company’s website and internal system as well as newsletter delivery operations were hacked in April 2022. The incident resulted in the email addresses and names of certain subscribers being accessed by the attacker. | 3,700 |
| National Institute of Mental Health and Neurosciences (India) | A ransomware attack on March 23rd, 2022, resulted in several files and systems being inaccessible. The extent of damage remains unclear, but according to some sources, encrypted data includes laboratory reports of patients, names, and history of illnesses. | Unknown |
| Nauru Police Force | On May 2nd, 2022, Anonymous leaked 285,635 emails allegedly belonging to the force. Anonymous stated that the leaked emails contain details related to abuses against asylum seekers and refugees that the Nauru Police Force and the Australian government allegedly attempted to cover up. | Unknown |
| Pueblo School District 70 and Cheyenne Mountain School District 12 (US) | Both districts revealed they were impacted by the Illuminate Education breach, with unauthorised access to databases occurring between December 28th, 2021, and January 8th, 2022. Possibly compromised information includes names, dates of birth, gender, and more. | Unknown |

Malware mentions in Technology

Time Series

This chart shows the trending malware related to Technology within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
| Industry | Information |
| --- | --- |
| Government | In mid-January 2022, Mandiant researchers identified multiple waves of APT29 spear phishing attacks targeting diplomatic and government entities, likely to support intelligence collection for espionage purposes. The campaigns involved two new malware families, BEATDROP and BOOMMIC, before the group moved on to a simpler C/C++ BEACON backdoor. BEATDROP uses Atlassian’s Trello service for command and control, using Trello to store victim data and retrieve AES-encrypted shellcode payloads to be executed. BOOMMIC is executed via DLL sideloading and used to further establish a foothold in a victim’s environment. |
| Critical Infrastructure | SentinelLabs researchers identified a Chinese-aligned espionage group, dubbed Moshen Dragon, targeting the telecommunications sector in Central Asia with ShadowPad and PlugX variants. The group engages in trial-and-error abuse of traditional antivirus products to perform DLL search order hijacking. Products from Symantec, Trend Micro, BitDefender, McAfee and Kaspersky are amongst those targeted. Moshen Dragon deploys a variety of other tools, including Impacket for lateral movement, an LSA notification package used to harvest credentials, and a passive backdoor called GUNTERS. |
| Healthcare | Inky researchers identified a large-scale phishing operation targeting the UK’s National Health Service (NHS). The campaign began in October 2021 as a sporadic use of legitimate NHS accounts to send phishing emails to unsuspecting third parties, but escalated in March 2022. The phishing emails originated from email accounts belonging to 139 NHS employees. The majority of the emails were fake document notifications with malicious links to credential harvesting sites targeting Microsoft credentials. |
| Technology | NCC Group researchers observed new tactics, techniques, and procedures in recent attacks by LAPSUS$. Recent activity includes shutting down virtual machines (VM) from within on-premises VMware ESXi infrastructure and widespread mass deletion of VMs, storage, and cloud environment configurations to hinder analysis. Data theft appears to focus on application source code or proprietary technical information, including git repositories containing commercially sensitive intellectual property and API keys to sensitive applications. The group likely gains initial access via stolen authentication cookies, often in the form of single sign-on applications. |
| Cryptocurrency | Multiple pools related to the decentralised finance (DeFi) platforms Rari Capital and Fei Protocol were targeted in a cyberattack on April 30th, 2022. The attackers exploited a reentrancy bug in Rari’s Fuse lending protocol, enabling them to steal over $80 million. The same bug also impacted forks of the Compound DeFi protocol. In response, Rari Capital and Fei Protocol temporarily paused all borrowing. Fei Protocol offered the attacker a $10 million bounty if the remaining funds are returned. |

News and information concerning each mentioned industry over the last week.
