Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot

www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, which is the same day we discovered the malspam campaign.

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/ Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Googles DNS over HTTPS (DoH) service to get command and control (C2) IP addresses.

Secret Service Investigates Breach at U.S. Govt IT Contractor

krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/ The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Purple Fox Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/ ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. Amnesty Internationals Senior Technologist, Claudio Guarnieri, has concluded that Stealth Falcon and Project Raven actually are the same group.. Also:

threatpost.com/stealth-falcon-middle-east-windows-bits/148136/. Stealth Falcon Targets Middle East with Windows BITS Feature

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

www.forbes.com/sites/zakdoffman/2019/09/05/secret-chinese-hacking-group-set-traps-to-steal-nsa-cyberattack-tools-new-report/

North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variantsreferred to as ELECTRICFISH and BADCALLused by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

MAR-10135536-10 North Korean Trojan: BADCALL

www.us-cert.gov/ncas/analysis-reports/ar19-252a

MAR-10135536-21 North Korean Proxy Malware: ELECTRICFISH

www.us-cert.gov/ncas/analysis-reports/ar19-252b

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/

You might be interested in …

Daily NCSC-FI news followup 2020-07-23

Merenkulun kyberiskut räjähtävät käsiin, eikä virustorjunta auta kiristyskeinona voi olla rahtiöljyn vuodatus mereen [maksumuurin takana] www.tivi.fi/uutiset/tv/59eb2925-2fb9-4fdf-bafc-da96eaca6b18 Merenkulun operatiiviset järjestelmät ovat nopeasti nousseet kyberrikollisten muotikohteiksi. Osa alan yrityksistä tuudittautuu väärän turvallisuuden tunteeseen sen sijasta, että opittaisiin suojaamaan edes oikeita kohteita. Satamissa ja varustamoissa tietoturvatapausten määrä on vuodesta 2017 lähtien kivunnut huikeat 900 prosenttia. Vuoden loppuun mennessä […]

Read More

Daily NCSC-FI news followup 2020-04-27

Ciscon USC-laitteet ovat vaarassa tuhoutua omin päin, mikäli ylläpitäjät eivät tilannetta ratkaise www.tivi.fi/uutiset/tv/be4dd0ae-92ab-4e18-8e9b-9d3a04adacb9 The Register kertoo, että 23:ssa Ciscon USC-malliston palvelimessa on ikävä vika. Ne nimittäin ottavat ja itsetuhoutuvat, kun niiden käyttöaika yltää 40 000 tuntiin. “Jos ssd-levy yltää 40 000 käyttötuntiin asti, levy muuttuu täysin käyttökelvottomaksi ja se on vaihdettava”, Cisco varoittaa asiakkaitaan. Lue […]

Read More

Daily NCSC-FI news followup 2019-11-25

Livingston School District in New Jersey Hit With Ransomware www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/ Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. Hidden Cam Above […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.