Silobreaker Daily Cyber Digest – 9 March 2016

OnionDog APT
360 SkyEye Labs have announced the detection of OnionDog, an espionage APT that has been targeting the infrastructure, energy and transportation industries of Korean-speaking countries for over three years.

OnionDog uses two methods to compromise targets. The first is a phishing email containing a malicious .HWP file – the format for Hanword/Hangul, a popular Korean Office-type program. The file contains an embedded trojan downloader that will trigger when the document is opened. The second method uses a USB worm and the ‘sneakernet’ to target isolated or air-gapped infrastructure systems.

OnionDog is believed to be well organised and exhibits strict and relatively clear naming conventions for files and paths. The trojans used by the group have a lifecycle averaging 15 days, making them harder for the targeted organisations to detect.

Point of Sale compromise at Rosen Hotels & Resorts
The company, which operates 6,300 rooms across seven properties, has discovered POS malware on its systems.

Card numbers, names, expiration dates and verification codes were all collected over the course of at least a year; the infection was only discovered in February 2016, when Rosen began hearing reports of card fraud from previous guests.

Home Depot offers to settle breach lawsuit
$19.5 million has been offered to those taking part in the class-action lawsuit, in response to the 2014 POS breach that compromised the credit card information of as many as 56 million Home Depot customers.

The retailer’s attackers used stolen third-party credentials to access network systems, before installing custom malware on self-service payment terminals. The hack was swiftly followed by numerous other breaches that year.

Home Depot maintains that its settlement offer is not an admission of liability.

The Silobreaker Team
