Daily NCSC-FI news followup 2021-10-25

Microsoft says Russia hacked at least 14 IT service providers this year

therecord.media/microsoft-says-russias-apt29-hacked-at-least-14-it-service-providers-this-year/ Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies.

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/ The targeted activity has been observed against organizations based in the United States and across Europe since May 2021. MSTIC assesses that NOBELIUM has launched a campaign against these organizations to exploit existing technical trust relationships between the provider organizations and the governments, think tanks, and other companies they serve. NOBELIUM is the same actor behind the SolarWinds compromise in 2020, and this latest activity shares the hallmarks of the actor’s compromise-one-to-compromise-many approach.
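The trust relationship NOBELIUM is going after here is delegated administrative privilege: a service provider's staff sign in to a customer's tenant with identities that live in the provider's own tenant. In the customer's Azure AD sign-in log that appears as records whose home tenant differs from the resource tenant, which gives defenders a concrete thing to hunt for. The Python below is an added example, not code from the Microsoft blog: it runs that hunt over a constructed sign-in export. The field names follow the Microsoft Graph signIn resource (homeTenantId, resourceTenantId, crossTenantAccessType); the tenant IDs, the provider allow-list and the IP baseline are assumed values an organisation would fill in from its own partner contracts.

```python
"""Hunt Azure AD sign-in records for delegated-admin (cross-tenant) access.

Added example, not from the Microsoft blog. The records below are constructed;
field names follow the Microsoft Graph signIn resource (homeTenantId,
resourceTenantId, crossTenantAccessType, ...). Tenant IDs, the provider
allow-list and the IP baseline are assumptions, not real data.
"""
import json
from collections import Counter

OWN_TENANT = "11111111-1111-1111-1111-111111111111"  # assumed: the customer tenant

# Assumed: providers that legitimately hold delegated admin rights in our tenant,
# with the egress IPs they have been seen using before (a baseline).
KNOWN_PROVIDERS = {
    "22222222-2222-2222-2222-222222222222": {
        "name": "Contoso MSP",
        "ips": {"203.0.113.10"},
    },
}

# Constructed sign-in export, one JSON object per line in the shape of the Graph signIn resource.
SAMPLE_SIGNINS = r"""
{"createdDateTime":"2021-10-25T08:02:11Z","userPrincipalName":"alice@customer.example","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"none","ipAddress":"198.51.100.20","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":0}}
{"createdDateTime":"2021-10-25T08:15:40Z","userPrincipalName":"ops@contoso-msp.example","homeTenantId":"22222222-2222-2222-2222-222222222222","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"serviceProvider","ipAddress":"203.0.113.10","appDisplayName":"Azure Portal","status":{"errorCode":0}}
{"createdDateTime":"2021-10-25T23:47:03Z","userPrincipalName":"ops@contoso-msp.example","homeTenantId":"22222222-2222-2222-2222-222222222222","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"serviceProvider","ipAddress":"192.0.2.77","appDisplayName":"Microsoft Graph","status":{"errorCode":0}}
{"createdDateTime":"2021-10-26T01:12:58Z","userPrincipalName":"svc@unknown-partner.example","homeTenantId":"33333333-3333-3333-3333-333333333333","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"serviceProvider","ipAddress":"192.0.2.78","appDisplayName":"Azure Portal","status":{"errorCode":0}}
{"createdDateTime":"2021-10-26T09:30:00Z","userPrincipalName":"guest_vendor.example#EXT#@customer.example","homeTenantId":"44444444-4444-4444-4444-444444444444","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"b2bCollaboration","ipAddress":"198.51.100.9","appDisplayName":"SharePoint Online","status":{"errorCode":0}}
"""


def parse_signins(text):
    """Parse a JSON-lines sign-in export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_cross_tenant(rec, own_tenant=OWN_TENANT):
    """True when an identity from another tenant accessed a resource in ours."""
    return (rec.get("resourceTenantId") == own_tenant
            and rec.get("homeTenantId") not in (None, own_tenant))


def cross_tenant_summary(records, own_tenant=OWN_TENANT):
    """Count cross-tenant sign-ins per (home tenant, access type). This is the
    inventory to reconcile against the partner relationships the tenant really has."""
    return Counter(
        (r["homeTenantId"], r.get("crossTenantAccessType", "unknown"))
        for r in records if is_cross_tenant(r, own_tenant)
    )


def hunt_delegated_admin(records, known_providers=KNOWN_PROVIDERS, own_tenant=OWN_TENANT):
    """Flag serviceProvider (delegated admin) sign-ins that are not explained by a
    contracted provider operating from its baselined IP space."""
    findings = []
    for r in records:
        if not is_cross_tenant(r, own_tenant) or r.get("crossTenantAccessType") != "serviceProvider":
            continue
        home = r["homeTenantId"]
        provider = known_providers.get(home)
        if provider is None:
            reason = "delegated-admin sign-in from a tenant with no known partner contract"
        elif r.get("ipAddress") not in provider["ips"]:
            reason = f"{provider['name']} signed in from an IP outside its baseline"
        else:
            continue  # known provider, known IP: expected activity
        findings.append({
            "time": r.get("createdDateTime"),
            "user": r.get("userPrincipalName"),
            "homeTenantId": home,
            "ip": r.get("ipAddress"),
            "app": r.get("appDisplayName"),
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for (tenant, kind), n in sorted(cross_tenant_summary(recs).items()):
        print(f"{n:3d}  tenant={tenant}  type={kind}")
    for f in hunt_delegated_admin(recs):
        print(f"ALERT {f['time']} {f['user']} from {f['ip']} ({f['app']}): {f['reason']}")
```

On the constructed data the summary lists three foreign tenants, and the hunt raises two alerts: the contracted provider signing in from an unbaselined address, and a serviceProvider sign-in from a tenant the organisation has no contract with. The b2bCollaboration guest is counted in the inventory but not alerted on, since guest access is a different relationship from delegated administration. Against a real export the same two questions apply: which tenants hold delegated admin over ours, and is each of them one we actually contracted.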

Mozilla blocks malicious add-ons installed by 455K Firefox users

www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/ Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. The add-ons (named Bypass and Bypass XM) were using the API to intercept and redirect web requests so as to block users from downloading updates, updating remotely configured content, and accessing updated blocklists.

New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts

citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/ New York Times journalist Ben Hubbard was repeatedly targeted with NSO Group’s Pegasus spyware over a three-year period from June 2018 to June 2021. The targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman.

Millions of Android users targeted in subscription fraud campaign

www.bleepingcomputer.com/news/security/millions-of-android-users-targeted-in-subscription-fraud-campaign/ A massive fraud campaign utilizing 151 Android apps with 10.5 million downloads was used to subscribe users to premium subscription services without their knowledge. Researchers at Avast discovered the campaign, naming it 'UltimaSMS', and reported 80 associated apps that they found on the Google Play Store. While Google quickly removed the apps, the fraudsters likely amassed millions of dollars in fraudulent subscription charges.

Ransomware gangs are abusing a zero-day in EntroLink VPN appliances

therecord.media/ransomware-gangs-are-abusing-a-zero-day-in-entrolink-vpn-appliances/ Multiple ransomware gangs have weaponized and are abusing a zero-day in EntroLink VPN appliances after an exploit was released on an underground cybercrime forum at the start of September 2021. The zero-day is believed to impact EntroLink PPX-AnyLink devices, popular with South Korean companies, and used as user authentication gateways and VPNs to allow employees remote access to company networks and internal resources.

Conti Ransom Gang Starts Selling Access to Victims

krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/ The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Putin's PC takes a big leap

www.is.fi/digitoday/art-2000008357557.html The Russian chip company Baikal Electronics has received the first batch of its own-designed Baikal-M processor. With it, Russia took a step towards a self-sufficient electronics industry.

Microsoft Digital Defense Report shares new insights on nation-state attacks

www.microsoft.com/security/blog/2021/10/25/microsoft-digital-defense-report-shares-new-insights-on-nation-state-attacks/ The aims of nation-state cyber actors, largely espionage and disruption, remain consistent, along with their most reliable tactics and techniques: credential harvesting, malware, and VPN exploits. However, a common theme this year among the actors originating from China, Russia, North Korea, and Iran has been increased targeting of IT service providers as a way of exploiting downstream customers.

Polygon pays out record $2 million bug bounty reward for critical vulnerability

portswigger.net/daily-swig/polygon-pays-out-record-2-million-bug-bounty-reward-for-critical-vulnerability Polygon, a blockchain technology company, has paid out $2 million in bug bounty rewards for a 'double spend' vulnerability that could have wreaked havoc across its network. The flaw, discovered by ethical hacker Gerhard Wagner, enabled an attacker to double the amount of cryptocurrency they intended to withdraw up to 233 times.
