OSN MARCH 18, 2021

Fortify Security Team
Mar 18, 2021

Title: Chinese Nation State Hackers Linked to Finnish Parliament Hack
Date Published: March 18, 2021


Excerpt: “Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. “Some parliament email accounts may have been compromised as a result of the attack, among them email accounts that belong to MPs,” Parliament officials said at the time. The attack was detected by the Finnish Parliament’s security team and is being investigated by the Finnish National Bureau of Investigation (NBI), with the help of the Security Police and the Central Criminal Police.”

Title: State-Sponsored Threat Groups Target Telcos, Steal 5G Secrets
Date Published: March 17, 2021


Excerpt: “Given the tactics used in the campaign, researchers surmised it to be the work of known Chinese-language APTs RedDelta and Mustang Panda. RedDelta was last believed to be behind cyberattacks against the Vatican and other Catholic Church-related institutions last year. In those attacks, adversaries leveraged spear phishing emails laced with malware that ultimately pushed the PlugX remote access tool (RAT) as the final payload.”

Title: Attackers Are Trying Awfully Hard to Backdoor Ios Developers’ Macs
Date Published: March 18, 2021


Excerpt: “It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.”

Title: FBI: One Type of Scam Is Costing Business the Most
Date Published: March 17, 2021


Excerpt: “The technique and switch to cryptocurrency differs from previous years when a senior executive’s email address may have been spoofed and used to instruct a subordinate to wire funds to the fraudster’s bank account. The FBI report notes that tech support fraud continues to be a growing problem, but recently victims have complained about criminals posing as customer support for banks, utility companies or virtual currency exchanges.”

Title: Breaking Bad: Desperate Job Seekers Turn to the Darknet and Hacking Forums for Opportunities
Date Published: March 18, 2021


Excerpt: “Unsurprisingly, the impact of the pandemic on the global economy has been dramatic. Most major economies have lost at least, if not more, than 2% of their GDP. The global stock markets have suffered dramatic falls due to the outbreak, and the Dow Jones reported its largest-ever single day fall of almost 3,000 points on March 16, 2020. As economies suffer, unemployment rates have increased too. In the US, unemployment peaked to unprecedented levels in April 2020 at 14.8% before declining to 6.7% in December. In Europe unemployment rose from 6.5% to 7.5% over the course of the year.”

Title: Mimecast Reveals Source Code Theft in Solarwinds Hack
Date Published: March 18,  2021


Excerpt: “According to Mimecast’s security incident disclosure, published on March 16, a malicious SolarWinds Orion update was used to access the company’s production grid environment. The cloud and email security firm said “a limited number of source code repositories” were downloaded during a cyberattack in January, but added that the company currently has “no evidence” that this code was maliciously modified or that the loss will impact any existing products.”

Title: Cisco Plugs Security Hole in Small Business Routers
Date Published: March 17,  2021


Excerpt: “A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly. Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. These routers are described by Cisco as “networking-in-a-box” models that are targeted for small or home offices and smaller deployments.”

Title: $4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware
Date Published: March 17, 2021


Excerpt: “Cybercriminals have wasted no time in hopping on the American Rescue Plan – the COVID-19 relief legislation just signed into law – as a lure for email-based scams .According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans’ interest in the forthcoming $1,400 relief payments and other aid. The emails impersonate the IRS, using the agency’s official logo and a spoofed sender domain of IRS[.]gov – and claim to offer an application for financial assistance. In reality, the emails offer the Dridex banking trojan.”

Title: China-linked TA428 Continues to Target Russia and Mongolia IT Companies
Date Published: March 17, 2021


Excerpt: “On January 21, 2021, Insikt Group detected the PlugX C2 server 103.125.219[.]222 (Hosting provider: VPSServer[.]com) hosting multiple domains spoofing various Mongolian news entities. One of the domains, f1news.vzglagtime[.]net, previously appeared in the aforementioned Proofpoint Operation LagTime IT blog. At the time of the Proofpoint blog publication in July 2019, the vzglagtime[.]net domain was hosted on 45.76.211[.]18 through the hosting provider Vultr. According to passive DNS data, this IP address also hosted the Mongolian-themed domains at the same time, further strengthening the overlaps between these unreported suspected TA428 domains and Operation LagTime IT activity.”

Title: Twitter Images Can Be Abused to Hide ZIP, MP3 Files — Here’s How
Date Published: March 17, 2021


Excerpt: “Yesterday, researcher and programmer David Buchanan attached example images to his tweets that had data such as entire ZIP archives and MP3 files hidden within. Although the attached PNG files hosted on Twitter represent valid images when previewed, merely downloading and changing their file extension was enough to obtain different content from the same file. As observed by BleepingComputer the 6 KB image tweeted by the researcher contains an entire ZIP archive. The ZIP contains Buchanan’s source code that anyone can use to pack miscellaneous contents into a PNG image.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...