Cyber Alert – 22 June 2020
Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.
| Heat – Trending Malware and Threat Actors | ||||
|---|---|---|---|---|
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
| NotPetya Ransomware |  |
 |
5 | 6 |
| WannaCry Ransomware |  |
 |
5 | 15 |
| Shlayer Trojan | |
|
3 | 10 |
| Pegasus Malware | |
|
2 | 7 |
| Truniger Hacker Group | |
|
1 | 1 |
| Storm Cloud | |
|
1 | 1 |
| ZeroCleare Wiper | |
|
1 | 1 |
| Kraken Malware | |
|
1 | 1 |
| Stanislav Vitaliyevich Lisov | |
|
1 | 2 |
| Neverquest Trojan | |
|
1 | 3 |
| Data Breaches |
| ForbesTech – 2,500 posts, 300 platforms, 6 years: A huge but mysterious pro-Russia disinformation campaign is exposed… https://t.co/glQKU2khQ0 |
| ForbesTech – Twitter – Jun 21 2020 11:58 |
| 2,500 posts, 300 platforms, 6 years: A huge but mysterious pro-Russia disinformation campaign is exposed http://on.forbes.com/6018GzGYj by @iblametom |
| Ministry still tracing cause of Indonesia’s COVID-19 patient data leak |
| Office of Inadequate Security – Jun 21 2020 10:56 |
| Antara News reports an update to a breach that first came to light when a data broker listed the data for sale on… |
| DissectMalware – XLM -> #VBScript C08AFD90-F2A1-11D1-8455-00A0C91F3880 -> ShellBrowserWindow more info: https://t.co/Sm6TjE7saz by… https://t.co/G1WVrgikQe |
| DissectMalware – Twitter – Jun 21 2020 21:55 |
| XLM -> #VBScript C08AFD90-F2A1-11D1-8455-00A0C91F3880 -> ShellBrowserWindow more info: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/ by @bohops… |
| Secnewsbytes – Oracle’s BlueKai tracks you across the web. That data spilled online – TechCrunch https://t.co/GGA0aWrKeg |
| Secnewsbytes – Twitter – Jun 21 2020 09:29 |
| Oracle’s BlueKai tracks you across the web. That data spilled online – TechCrunch https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/ |
| Hacker Groups |
| [German] Ke3chang (APT15) reporting.. |
| Reddit – BlueTeamSec – RSS – Jun 21 2020 11:33 |
| submitted by /u/digicat [link] [comments] |
| Partners in Crime: InvisiMole and Gamaredon |
| Cyware – Jun 21 2020 21:49 |
| InvisiMole is back with new tools and a new APT partnership. The group is known for targeting diplomatic missions, along with the military sector, in Eastern Europe. What is happening? InvisiMole operators have struck out a partnership with the… |
| The Return of Anonymous and the Future of Online Activism: An Interview with Dr. Gabriella Coleman |
| McGill International Review – Jun 21 2020 17:57 |
| The Anonymous collective was an enigma of the 2010s, dominating both traditional media and the online sphere. The decentralized “hacktivist” collective was well known for its cyber-attacks on multiple institutions, ranging from the Church of… |
| Another RDP brute force ransomware strikes again, this time, Snatch Team! Snatch Team was able to go from brute forcing a Domain Administrator (DA) account via RDP, to encrypting all Domain joined systems in less than 5 hours. |
| Reddit – Netsec – Jun 21 2020 23:23 |
| submitted by /u/TheDFIRReport [link] [comments] |
| Malware |
| InvisiMole malware delivered by Gamaredon hacker group |
| CERT-EU VulnerabilitiesApplications – Jun 21 2020 13:23 |
| Security researchers have demystified the attack chain of the elusive InvisiMole cyberespionage group, revealing a complicated multi-stage format that relies on vulnerable legitimate tools, target-specific encryption of payloads, and stealthy… |
| DoppelPaymer Gang Suspected to be Targeting Retail Organizations |
| Cyware – Jun 21 2020 19:24 |
| The DoppelPaymer ransomware, which shares most of its code with the BitPaymer ransomware, is suspected to be aiming at the retail sector now. Most recently, it is suspected to be targeting Avon, one of the largest global brands producing and… |
| AcidBox Malware Leveraging Turla Group’s Exploit to Target Russian Organizations |
| Cyware – Jun 21 2020 19:24 |
| To increase the impact and intensity of their cyberattacks, several cybercriminals have started targeting legitimate virtualization platforms used in the organizations. A new malware was recently found exploiting bugs in the newer versions of… |
| nilssonanders – Great write-up of the NotPetya malware hitting Maersk https://t.co/s7pEVoMDjP |
| nilssonanders – Twitter – Jun 22 2020 05:31 |
| Great write-up of the NotPetya malware hitting Maersk https://gvnshtn.com/maersk-me-notpetya/ |
| Vulnerabilities |
| ConnectWise Partners Hit By Ransomware Via Automate Flaw |
| Office of Inadequate Security – Jun 21 2020 12:33 |
| O’Ryan Johnson reports: Multiple ConnectWise partners have had their customers hit with ransomware through a software… |
| Vulnerability Management, Taking a Wide View |
| Medium Cybersecurity – RSS – Jun 21 2020 13:08 |
| … |
| cybersecboardrm – Cisco Patches Flaw in Webex Videoconferencing App #Cybersecurity #security #ui https://t.co/8yIiSKj2Lb |
| cybersecboardrm – Twitter – Jun 21 2020 05:30 |
| Cisco Patches Flaw in Webex Videoconferencing App #Cybersecurity #security #ui https://www.darkreading.com/vulnerabilities—threats/cisco-patches-flaw-in-webex-videoconferencing-app/d/d-id/1338129 |
| InfoSecHotSpot – Cisco Releases Multiple Security Updates Original release date: June 18, 2020 Cisco has released security updates t… https://t.co/WLaMBrAllJ |
| InfoSecHotSpot – Twitter – Jun 21 2020 15:58 |
| Cisco Releases Multiple Security Updates Original release date: June 18, 2020 Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of… |
| Ongoing Campaigns |
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.