Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot

www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, which is the same day we discovered the malspam campaign.

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/ Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Googles DNS over HTTPS (DoH) service to get command and control (C2) IP addresses.

Secret Service Investigates Breach at U.S. Govt IT Contractor

krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/ The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Purple Fox Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/ ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. Amnesty Internationals Senior Technologist, Claudio Guarnieri, has concluded that Stealth Falcon and Project Raven actually are the same group.. Also:

threatpost.com/stealth-falcon-middle-east-windows-bits/148136/. Stealth Falcon Targets Middle East with Windows BITS Feature

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

www.forbes.com/sites/zakdoffman/2019/09/05/secret-chinese-hacking-group-set-traps-to-steal-nsa-cyberattack-tools-new-report/

North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variantsreferred to as ELECTRICFISH and BADCALLused by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

MAR-10135536-10 North Korean Trojan: BADCALL

www.us-cert.gov/ncas/analysis-reports/ar19-252a

MAR-10135536-21 North Korean Proxy Malware: ELECTRICFISH

www.us-cert.gov/ncas/analysis-reports/ar19-252b

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.