OSN MARCH 18, 2021

by | Mar 18, 2021 | Open Source News

Title: Chinese Nation State Hackers Linked to Finnish Parliament Hack
Date Published: March 18, 2021

https://www.bleepingcomputer.com/news/security/chinese-nation-state-hackers-linked-to-finnish-parliament-hack/

Excerpt: “Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. “Some parliament email accounts may have been compromised as a result of the attack, among them email accounts that belong to MPs,” Parliament officials said at the time. The attack was detected by the Finnish Parliament’s security team and is being investigated by the Finnish National Bureau of Investigation (NBI), with the help of the Security Police and the Central Criminal Police.”

Title: State-Sponsored Threat Groups Target Telcos, Steal 5G Secrets
Date Published: March 17, 2021

https://threatpost.com/state-sponsored-threat-groups-target-telcos-steal-5g-secrets/164841/

Excerpt: “Given the tactics used in the campaign, researchers surmised it to be the work of known Chinese-language APTs RedDelta and Mustang Panda. RedDelta was last believed to be behind cyberattacks against the Vatican and other Catholic Church-related institutions last year. In those attacks, adversaries leveraged spear phishing emails laced with malware that ultimately pushed the PlugX remote access tool (RAT) as the final payload.”

Title: Attackers Are Trying Awfully Hard to Backdoor Ios Developers’ Macs
Date Published: March 18, 2021

https://arstechnica.com/gadgets/2021/03/attackers-are-trying-awfully-hard-to-backdoor-ios-developers-macs/

Excerpt: “It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.”

Title: FBI: One Type of Scam Is Costing Business the Most
Date Published: March 17, 2021

https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/#ftag=RSSbaffb68

Excerpt: “The technique and switch to cryptocurrency differs from previous years when a senior executive’s email address may have been spoofed and used to instruct a subordinate to wire funds to the fraudster’s bank account. The FBI report notes that tech support fraud continues to be a growing problem, but recently victims have complained about criminals posing as customer support for banks, utility companies or virtual currency exchanges.”

Title: Breaking Bad: Desperate Job Seekers Turn to the Darknet and Hacking Forums for Opportunities
Date Published: March 18, 2021

https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/

Excerpt: “Unsurprisingly, the impact of the pandemic on the global economy has been dramatic. Most major economies have lost at least, if not more, than 2% of their GDP. The global stock markets have suffered dramatic falls due to the outbreak, and the Dow Jones reported its largest-ever single day fall of almost 3,000 points on March 16, 2020. As economies suffer, unemployment rates have increased too. In the US, unemployment peaked to unprecedented levels in April 2020 at 14.8% before declining to 6.7% in December. In Europe unemployment rose from 6.5% to 7.5% over the course of the year.”

Title: Mimecast Reveals Source Code Theft in Solarwinds Hack
Date Published: March 18,  2021

https://www.zdnet.com/article/mimecast-reveals-source-code-theft-in-solarwinds-hack/

Excerpt: “According to Mimecast’s security incident disclosure, published on March 16, a malicious SolarWinds Orion update was used to access the company’s production grid environment. The cloud and email security firm said “a limited number of source code repositories” were downloaded during a cyberattack in January, but added that the company currently has “no evidence” that this code was maliciously modified or that the loss will impact any existing products.”

Title: Cisco Plugs Security Hole in Small Business Routers
Date Published: March 17,  2021

https://threatpost.com/cisco-security-hole-small-business-routers/164859/

Excerpt: “A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly. Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. These routers are described by Cisco as “networking-in-a-box” models that are targeted for small or home offices and smaller deployments.”

Title: $4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware
Date Published: March 17, 2021

https://threatpost.com/covid-19-relief-checks-dridex-malware/164853/

Excerpt: “Cybercriminals have wasted no time in hopping on the American Rescue Plan – the COVID-19 relief legislation just signed into law – as a lure for email-based scams .According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans’ interest in the forthcoming $1,400 relief payments and other aid. The emails impersonate the IRS, using the agency’s official logo and a spoofed sender domain of IRS[.]gov – and claim to offer an application for financial assistance. In reality, the emails offer the Dridex banking trojan.”

Title: China-linked TA428 Continues to Target Russia and Mongolia IT Companies
Date Published: March 17, 2021

https://www.recordedfuture.com/china-linked-ta428-threat-group/

Excerpt: “On January 21, 2021, Insikt Group detected the PlugX C2 server 103.125.219[.]222 (Hosting provider: VPSServer[.]com) hosting multiple domains spoofing various Mongolian news entities. One of the domains, f1news.vzglagtime[.]net, previously appeared in the aforementioned Proofpoint Operation LagTime IT blog. At the time of the Proofpoint blog publication in July 2019, the vzglagtime[.]net domain was hosted on 45.76.211[.]18 through the hosting provider Vultr. According to passive DNS data, this IP address also hosted the Mongolian-themed domains at the same time, further strengthening the overlaps between these unreported suspected TA428 domains and Operation LagTime IT activity.”

Title: Twitter Images Can Be Abused to Hide ZIP, MP3 Files — Here’s How
Date Published: March 17, 2021

https://www.bleepingcomputer.com/news/security/twitter-images-can-be-abused-to-hide-zip-mp3-files-heres-how/

Excerpt: “Yesterday, researcher and programmer David Buchanan attached example images to his tweets that had data such as entire ZIP archives and MP3 files hidden within. Although the attached PNG files hosted on Twitter represent valid images when previewed, merely downloading and changing their file extension was enough to obtain different content from the same file. As observed by BleepingComputer the 6 KB image tweeted by the researcher contains an entire ZIP archive. The ZIP contains Buchanan’s source code that anyone can use to pack miscellaneous contents into a PNG image.”