Silobreaker Daily Cyber Digest – 25 Feb 2016
It appears that the Guardians of Peace, infamous for the Sony Pictures Entertainment (SPE) attack, was merely the cover for a long-running APT that researchers have dubbed The Lazarus Group.
Led by Novetta, specialists from major AV/security/analytics companies have released a report detailing their findings as part of Operation Blockbuster, an industry-wide effort to clarify and attribute the 2014 SPE attack.
It remains likely that the Lazarus Group is associated with North Korea, but a TTP/YARA analysis suggests that up to 45 families of malware are linked to Lazarus. This would mean that the group has been in operation since around 2007.
Porn Clicker Trojan
On a slightly lighter note, it looks like the Google Play store is totally infested with porn clicker trojans.
Porn clickers are a type of click-fraud enabling malware that scams advertisers out of revenue by opening an invisible browser window on users’ phones and ‘clicking’ on ads hosted by porn sites.
ESET researchers have found over 300 on the Google Play store in the last seven months, mostly hidden inside what appear to be popular games.
Sons of the Caliphate
The Islamic State (IS) appear to have launched a new hacking division entitled ‘Sons of the Caliphate.’ The group debuted itself by launching a video called Flames of the Supporters where they made death threats against Mark Zuckerberg and Twitter CEO Jack Dorsey.
More importantly, the group also claimed to have compromised over 10,000 Facebook accounts and 5,000 Twitter handles. The video showed ‘evidence’ of these claims, stating that the accounts had been hacked and handed over to IS supporters.
Although IS already have a well-established hacker unit, the Islamic State Hacking Division, the disparate nature of the group and its relative lack of centralized command mean that new groups such as this are likely to be established often.
The veracity of the group's claims has not been verified, and it is worth remembering that many grandiose statements such as this made by IS have eventually been proved false.
This is the Twitter hashtag being used by the newly founded ‘Sons of the Caliphate.’ Throughout its mentions it reiterates the group's ambitions to undermine the efforts of Facebook and Twitter to stifle the spread of IS propaganda on social media.
They claim to be unaffected by account closures and user bans, and threaten that further action against their objective will result in Facebook and Twitter being ‘erased’.
The Silobreaker Team