Fortify Security Team
Feb 22, 2021

Title: Mandiant Identifies Criminal Threat Actor and Mode of Attacks

Date Published: February 22, 2021


Excerpt: “Mandiant, a division of FireEye, Inc., has identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion’s legacy File Transfer Appliance product. Multiple Accellion FTA customers who have been attacked by UNC2546 have received extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell. Mandiant is tracking the subsequent extortion activity under a separate threat cluster, UNC2582.”

Title: US Retailer Kroger Admits Accellion Breach

Date Published: February 22, 2021


Excerpt: “US retail giant Kroger has become the latest big-name brand to admit it suffered a data breach via legacy file transfer software. The supermarket chain, America’s largest by revenue, posted the notice late last week. It revealed that some of the firm’s customers and employees may have had their data compromised by a malicious third party who exploited a vulnerability in Accellion’s FTA platform.”

Title: Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

Date Published: February 22, 2021


Excerpt: “Although the group has since signed off following the unprecedented disclosures, new “conclusive” evidence unearthed by Check Point Research shows that this was not an isolated incident. The previously undocumented cyber-theft took place more than two years before the Shadow Brokers episode, the American-Israeli cybersecurity company said in an exhaustive report published today, resulting in U.S.-developed cyber tools reaching the hands of a Chinese advanced persistent threat which then repurposed them in order to attack U.S. targets.”

Title: 30,000 Macs Infected With New Silver Sparrow Malware


Technical Analysis/IoCs: Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight

Date Published: February 22, 2021

Excerpt: “But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it’s unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters — the classic distribution vector for most Mac malware strains these days. Furthermore, the purpose of this malware is also unclear, and researchers don’t know what its final goal is.”

Title: Researchers Uncovered a New Malware Builder Dubbed APOMacroSploit

Date Published: February 22, 2021


Excerpt: “APOMacroSploit is a macro builder that was to create weaponized Excel documents used in multiple phishing attacks. The threat actor behind the tool continuously updated it to evade detection. Check Point researchers were able to unmask one of the threat actors behind the builder.
Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection.”

Title: Nvidia Announces Official “Anti-Cryptomining” Software Drivers


Date Published: February 22, 2021

Excerpt: “Simply put, Nvidia will try to detect the code you’re running, and purposefully – but not secretly, given its public announcement – take out what amounts to “denial of service” (DoS) actions against software it thinks is trying to do Ethereum calculations on the GPU. Reports we’ve seen suggest that Nvidia’s anti-crypto drivers work by detecting memory usage that looks like a Dagger-Hashimoto computation, which needs to follow unusual but unavoidable memory access patterns, and cutting the speed of ETH hashing in half.”

Title: Experts Warn of Threat Actors Abusing Google Alerts To Deliver Unwanted Programs

Date Published: February 21, 2021


Excerpt: “Google Alerts is a content change detection and notification service, it sends emails to the user when it finds new results (i.e. web pages, newspaper articles, blogs, or scientific research) that match the user’s search term(s). Upon indexing the content, Google Alerts will alert people who are searching those specific terms. Clicking on the links sent by Google Alerts related to the matches in the fake stories, users are redirected to malicious sites under the control of the threat actors and the threat actor’s malicious site.”

Title: Malformed URL Prefix Phishing Attacks Spike 6,000%

Date Published: February 22, 2021


Excerpt: “RIPE NCC is the regional internet registry (RIR) for Europe, West Asia and the former Soviet Union. It claimed in an update yesterday that its single sign-on (SSO) service was affected by an attempt to crack open accounts, causing some downtime. “We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future,” it noted.”

Title: NSA Equation Group Tool Was Used by Chinese Hackers Years Before It Was Leaked Online

Date Published: February 22, 2021


Excerpt: “Attackers use the script.google.com domain to avoid detection and bypass Content Security Policy (CSP) controls, the Google domain, and its subdomains, are whitelisted by default in the CSP configuration of the e-stores. Experts pointed out that the actual code hosted at Google is not public, but the error message displayed reaching the above script suggests that stolen payment data is funneled by Google servers to an Israel-based site called analit[.]tech.”

Title: The Florida Water Hack: Don’t Think ‘Redundancy’ Will Prevent the Next One

Date Published: February 22, 2021


Excerpt: “But as was also reported, the attack was detected and blocked long before there was any damage. A supervisor monitoring the Oldsmar (population 15,000) water plant systems saw a mouse pointer move across a screen and “immediately noticed the change in dosing amounts,” which could eventually have boosted the amount of sodium hydroxide (lye) in drinking water by 100 times. That caustic chemical, at low levels, is used to control acidity in water. In high concentrations, it amounts to drain cleaner.”
