Silobreaker Daily Cyber Digest – 2 March 2016

TeaMp0isoN hacks Time Warner Cable
The hacking group known as TeaMp0isoN used SQL injection to steal over 4,000 records from Time Warner Cable’s (TWC) Business Class website. TWC’s Business Class is a managed security solution that offers a variety of protective services to corporate clients including AV and VPNs.

Rather than selling the data, which is said to include database IDs, usernames, emails and encrypted passwords, TeaMp0isoN decided to post the information publicly. The website hosting this data is currently unavailable.
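The TWC breach above is attributed to SQL injection. As an added illustration (not part of the digest, and unrelated to the actual TWC site), the following Python shows the defect class beside its fix: a lookup that splices user input into the SQL text, and the same lookup with a bound parameter. The table, rows and inputs are constructed; the function names are mine.

```python
"""Added example: why string-built SQL leaks records and how a parameterised
query closes the hole. Schema, rows and inputs are constructed for
illustration and have nothing to do with any real site."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a customer-account store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO accounts (username, email, pw_hash) VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "$2b$12$constructedhash1"),
            ("bob", "bob@example.com", "$2b$12$constructedhash2"),
            ("carol", "carol@example.com", "$2b$12$constructedhash3"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Vulnerable: the caller-controlled value is spliced into the SQL text,
    so quote characters in it change the structure of the query."""
    query = f"SELECT id, username, email FROM accounts WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Hardened: the value travels as a bound parameter. The SQL text is
    fixed, so the input can only ever be compared as a string."""
    query = "SELECT id, username, email FROM accounts WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups against a benign and a tainted input; return row counts."""
    conn = make_db()
    benign = "alice"
    # Constructed input: closes the string literal and appends an always-true
    # condition, the textbook shape that web application firewalls flag.
    tainted = "x' OR '1'='1"
    return {
        "vuln_benign": len(lookup_vulnerable(conn, benign)),
        "vuln_tainted": len(lookup_vulnerable(conn, tainted)),
        "safe_benign": len(lookup_safe(conn, benign)),
        "safe_tainted": len(lookup_safe(conn, tainted)),
    }


if __name__ == "__main__":
    for key, count in demo().items():
        print(f"{key}: {count} row(s)")
```

The vulnerable lookup returns every account for the tainted input, which is exactly the "dump the whole table" outcome the digest describes; the parameterised version returns nothing, because the database never interprets the input as SQL.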

$55 million hacker pleads guilty
Ercan Findikoglu, also known as Predator and Segate, has pleaded guilty in a US federal court to counts including computer intrusion conspiracy. Findikoglu, 34, was accused of masterminding a hacking operation that stole up to $55 million from ATMs around the world.

The scheme involved gaining access to prepaid debit card service providers in order to massively increase the account balances of specific cards. The details of these cards were then disseminated to operatives all over the world, who would withdraw the money.

The largest of these campaigns, which targeted Bank Muscat in Oman, netted close to $40 million over the course of only 10 hours. The original indictment is available here.

Shrouded Crossbow (Hacker Group/Operation)
Dubbed Shrouded Crossbow by Trend Micro, this group is thought to have become active in late 2010, before coming to the attention of security researchers in recent months.

The group primarily uses the source code of the Bifrose trojan to develop their own spying tools and backdoor access, before distributing these via spear phishing campaigns. Targets are typically major corporations or government organisations, and the group focuses its activities in Asia.

Shrouded Crossbow is thought to have purchased the Bifrose source code on the open market, and, using its own team of developers, modified and improved it. The group is also known to use the XBOW and Kivars backdoors.

Shrouded Crossbow is believed to possess major financial and human resources, given the group’s capacity to recreate and improve the Bifrose base code on such a scale. Trend Micro’s researchers have stated that ‘at least ten developers worked on the malware’s code, this is a very high number of people, with normal cyber-crime gangs rarely counting more than ten members in total.’

Unix Bifrose (malware)
The Shrouded Crossbow syndicate appears to have developed a variant of the Bifrose malware that is capable of running on Unix systems. Creating Unix Bifrose entailed rewriting the malware’s original base code, which was initially designed to target Windows machines. The new variant has been formatted as an Executable and Linkable Format (ELF) file, the standard executable file format for Unix and Unix-like systems.

The new Bifrose variant utilises the same protocols and C&C commands as the Windows variant, meaning that it can communicate with the Trojan’s original server.

This development allows Shrouded Crossbow to access a whole new pool of targets. Unix systems traditionally run on workstations, servers and some mobile devices, making this modification a potentially dangerous new threat.
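The Unix Bifrose item turns on the file format: a port to ELF means a sample that a Windows-only triage pipeline would misclassify. As an added example (not from the digest or from Trend Micro), the Python below reads the ELF identification fields that a defender checks first when sorting samples, telling an ELF binary from a Windows PE file and reporting the word size, byte order, object type and target machine. The header bytes are constructed, and every function name here is mine.

```python
"""Added example: triage an executable's first bytes to tell an ELF
(Unix/Linux) binary from a Windows PE one and read the ELF fields that
say what platform it was built for. All sample bytes are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

ELF_MAGIC = b"\x7fELF"
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
# e_machine values from the ELF specification for a few common targets.
ELF_MACHINE = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}


@dataclass
class ElfInfo:
    elf_class: str
    byte_order: str
    os_abi: int
    obj_type: str
    machine: str


def parse_elf_header(data: bytes) -> Optional[ElfInfo]:
    """Return the identifying fields of an ELF header, or None when the
    bytes are not an ELF file (for example a Windows PE starting with 'MZ')."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data, ei_version, ei_osabi = data[4], data[5], data[6], data[7]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA or ei_version != 1:
        return None
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine are the two 16-bit fields right after the
    # 16-byte e_ident block, read in the byte order e_ident declares.
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return ElfInfo(
        elf_class=ELF_CLASS[ei_class],
        byte_order=ELF_DATA[ei_data],
        os_abi=ei_osabi,
        obj_type=ELF_TYPE.get(e_type, f"unknown({e_type})"),
        machine=ELF_MACHINE.get(e_machine, f"unknown({e_machine})"),
    )


def build_elf_header(bits: int, little: bool, e_type: int, e_machine: int) -> bytes:
    """Constructed minimal header (e_ident plus e_type, e_machine, e_version)
    used only to feed the parser; a real file carries much more after this."""
    ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1 if little else 2, 1, 0]) + b"\x00" * 8
    endian = "<" if little else ">"
    return ident + struct.pack(endian + "HHI", e_type, e_machine, 1)


# Constructed samples standing in for files pulled from a quarantine folder.
SAMPLES = {
    "linux_x86_64_exec": build_elf_header(64, True, 2, 62),
    "linux_arm32_shared": build_elf_header(32, True, 3, 40),
    "mips_be_exec": build_elf_header(32, False, 2, 8),
    "windows_pe": b"MZ\x90\x00" + b"\x00" * 60,  # PE files begin with 'MZ', not ELF
}


def triage(samples: dict[str, bytes]) -> dict[str, str]:
    """Map each sample name to a one-line verdict about its format and target."""
    verdicts = {}
    for name, blob in samples.items():
        info = parse_elf_header(blob)
        if info is None:
            verdicts[name] = "not ELF"
        else:
            verdicts[name] = f"{info.elf_class} {info.byte_order} {info.obj_type} for {info.machine}"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:22s} {verdict}")
```

The point for a detection team is the classifier's first branch: a Windows-centric pipeline that only understands PE will report an ELF sample as malformed rather than as a Unix backdoor, so the platform check has to happen before any deeper analysis is chosen.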

The Silobreaker Team
