OSN June 9, 2021

Fortify Security Team
Jun 9, 2021

Title: Stealthy Gelsemium Cyberspies Linked to Noxplayer Supply-Chain Attack
Date Published: June 9, 2021


Excerpt: “Gelsemium uses three components and a plug-in system to give the operators a range of possibilities to gather information: the dropper Gelsemine, the loader Gelsenicine, and the main plugin Gelsevirine. According to reports from G DATA and Verint Systems, the cyberspies used spear-phishing emails with document attachments exploiting the CVE-2012-0158 Microsoft Office vulnerability to deliver the malware. They’ve also been observed by VenusTech using watering holes set up on intranet servers in 2018, while ESET spotted them using a pre-authentication RCE exploit against vulnerable Exchange servers to deploy web shells.”

Title: Prometheus Ransomware Gang: A Group of REvil?
Date Published: June 9, 2021


Excerpt: “Only four victims have paid to date, according to the group’s leak site. It claims that a Peruvian agricultural company, a Brazilian healthcare services provider and transportation and logistics organizations in Austria and Singapore paid ransoms. However, we’re unable to confirm the ransom amounts. One interesting note is that Prometheus claims to be part of the notorious ransomware gang REvil. Unit 42 has seen no indication that these two ransomware gangs are related in any way. The claim may be an attempt to exploit REvil’s name to persuade victims to pay up, or it could be a false flag to take attention away from Thanos.”

Title: DarkSide Pwned Colonial With Old VPN Password
Date Published: June 9, 2021


Excerpt: “Indeed, the password used for the Colonial attack also was discovered inside a batch of leaked passwords on the dark web, according to Bloomberg, and company officials and investigators are still unclear about how hackers obtained the password in the first place. “We don’t see any evidence of phishing for the employee whose credentials were used,” Carmakal told Bloomberg. “We have not seen any other evidence of attacker activity before April 29.” He speculated that perhaps the password may have gotten into the wrong hands when a Colonial employee used it on another account that was previously hacked, according to the report.”

Title: Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked
Date Published: June 7, 2021


Excerpt: “But the unredacted files, which WIRED has reviewed, remain online. And they may include information that could enable follow-on targeting of other pipelines. While Slowik notes that it’s still not clear what sensitive information might be included in the leak’s 70 GB, he worries that it could include information about the software architecture or physical equipment used by LineStar’s customers, given that LineStar provides information technology and industrial control system software to pipeline customers.”

Title: CISA and Bugcrowd to Launch Federal Crowdsourced VDP Platform
Date Published: June 8, 2021


Excerpt: “The move will allow Federal Civilian Executive Branch (FCEB) agencies to coordinate with the civilian hacker community about vulnerabilities in their critical systems. FCEB agencies will now be able to receive security feedback from Bugcrowd’s community of ethical hackers around the world, helping them quickly identify and monitor vulnerabilities in their critical systems.”

Title: Huawei Reveals ‘Cybersecurity Framework’ With Launch of China Transparency Centre
Date Published: June 9, 2021


Excerpt: “Along with the launch, Huawei unveiled the security baseline framework that it said was integrated into its product development process and developed to address legal and regulatory requirements. The framework comprised 54 requirements spanning 15 categories for product implementation, such as backdoor prevention, access channel control, encryption, application security, and secure compilation.The vendor added that this was the first time its security baseline was made available to the industry.”

Title: Hundreds of Suspected Criminals Arrested After Being Tricked Into Using FBI-run Chat App
Date Published: June 9, 2021


Excerpt: “The app AN0M was installed on mobile phones that were stripped of other capabilities. The mobile phones, which were bought on the black market, could not make calls or send emails. It could only send messages to another device that had the organized crime app. Criminals needed to know a criminal to get a device. The devices organically circulated and grew in popularity among criminals, who were confident of the legitimacy of the app because high-profile organized crime figures vouched for its integrity.”

Title: Phished Account Credentials Mostly Verified in Hours
Date Published: June 8, 2021


Excerpt: “While these actors are the ones using the credentials, they aren’t necessarily the same actors that stood up the phishing site. We know there’s a robust economy for compromised credentials, so it’s likely a share of these actors have been provided access to the accounts from another actor.” Most of the time, the credentials were used to send malicious links to gather credentials from targeted industries, including real estate and banking. In many cases, an attacker posed as a vendor and sent fictional invoices in an attempt to collect.”

Title: Microsoft Patches Six Zero-Day Security Holes
Date Published: June 8, 2021


Excerpt: “Interestingly, two of the Windows zero-day flaws — CVE-2021-31201 and CVE-2021-31199 — are related to a patch Adobe released recently for CVE-2021-28550, a flaw in Adobe Acrobat and Reader that also is being actively exploited. “Attackers have been seen exploiting these vulnerabilities by sending victims specially crafted PDFs, often attached in a phishing email, that when opened on the victim’s machine, the attacker is able to gain arbitrary code execution,” said Christopher Hass, director of information security and research at Automox. “There are no workarounds for these vulnerabilities, patching as soon as possible is highly recommended”.”

Title: ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
Date Published: June 8, 2021

https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/ c

Excerpt: “Finally, while I’m quick to disparage the quality of the malware as not up to some exalted Western standard, it’s important to note that ThunderCats (and the larger TA428 umbrella) are pulling off custom-tailored region-specific supply chain attacks, successfully punching way above their weight in their intelligence collection efforts, and they should not be underestimated as an adversary.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...