New State Sponsored APT Tools Built to Attack Industrial Control Systems

New State-Sponsored APT Tools Built to Attack ICS/SCADA Devices Exploiting Vulnerable Drivers

A state-sponsored threat group has developed a set of custom APT tools (tracked as PIPEDREAM by Dragos and INCONTROLLER by Mandiant) that target and compromise industrial control systems. The toolkit includes modules that interact directly with specific Schneider Electric and OMRON PLCs and with OPC UA servers, plus a component that exploits a known-vulnerable ASRock motherboard driver (AsrDrv103.sys, CVE-2020-15368) to gain kernel-level code execution on the Windows engineering workstations used to manage those devices. Note that the vulnerable driver lives on the Windows host, not in the ICS devices themselves.

Much more detail here:

CISA: https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Dragos: https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/

Mandiant: https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool

Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread

Compromised Microsoft Exchange servers are being used to send emails that appear to be replies within an existing conversation (reply-chain hijacking), luring the recipient into opening an attached password-protected archive or .zip file whose password is supplied in the message body. Opening the contents infects the user’s computer with IcedID, which then beacons to its command-and-control infrastructure and can be used in a number of ways to further exploit the machine, including as a foothold for follow-on ransomware. Because IcedID has been in circulation since 2017, its infection chain and patterns are well researched and documented.

More details:

The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/

The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/
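As an added triage example (this is not code from any of the cited reports), the following Python script flags the three indicators of this lure in a raw .eml: a reply-chain subject or In-Reply-To header, a password spelled out in the body, and an attached .zip whose entries carry the encryption flag or contain executable-type payloads. It reads only the archive's central directory and never extracts anything, and it builds its own constructed sample message and archive; the file-type list, the password regex and the score weights are this example's assumptions, not values from the reports.

```python
"""Triage heuristics for the IcedID reply-chain lure: a 'Re:' message carrying a
password-protected .zip whose password is printed in the body. The thresholds,
file-type list and sample data below are this example's own assumptions."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Payload types commonly wrapped in lure archives (assumed list for this example).
SUSPICIOUS_EXT = (".exe", ".dll", ".iso", ".lnk", ".js", ".vbs", ".hta", ".scr")
# Matches "password is 1234", "Password: abc" and similar phrasings in the body.
PASSWORD_RE = re.compile(r"\bpass(?:word|code)?\s*(?:is|:)\s*([^\s<]+)", re.IGNORECASE)


def archive_findings(data: bytes) -> dict:
    """Read only the zip central directory (nothing is extracted).
    General-purpose flag bit 0 set on an entry means that entry is encrypted."""
    findings = {"valid_zip": False, "encrypted": False, "suspicious_members": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            findings["valid_zip"] = True
            for info in zf.infolist():
                if info.flag_bits & 0x1:
                    findings["encrypted"] = True
                if info.filename.lower().endswith(SUSPICIOUS_EXT):
                    findings["suspicious_members"].append(info.filename)
    except zipfile.BadZipFile:
        pass
    return findings


def score(result: dict) -> int:
    """Additive score; the weights are an assumption, tune them to your mail flow."""
    s = 1 if result["reply_chain"] else 0
    s += 2 if result["body_password"] else 0
    for a in result["archives"]:
        s += 2 if a["encrypted"] else 0
        s += 2 if a["suspicious_members"] else 0
    return s


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and apply the three lure indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    result = {
        "reply_chain": subject.startswith(("re:", "fw:", "fwd:")) or bool(msg["In-Reply-To"]),
        "body_password": None,
        "archives": [],
    }
    m = PASSWORD_RE.search(text)
    if m:
        result["body_password"] = m.group(1)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            f = archive_findings(part.get_payload(decode=True))
            f["name"] = name
            result["archives"].append(f)
    result["score"] = score(result)
    return result


def build_sample_zip(member: str, payload: bytes, encrypted: bool = True) -> bytes:
    """Constructed one-entry zip. The stdlib cannot write encrypted zips, so the
    encryption flag is set by patching the local file header (flags at offset 6)
    and the central directory entry (flags at offset 8); the payload bytes are
    left as-is, which is enough to exercise the flag check above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x1
        cd = data.find(b"PK\x01\x02")
        data[cd + 8] |= 0x1
    return bytes(data)


def build_sample_eml() -> bytes:
    """Constructed lure modelled on the reports above; not a real sample."""
    msg = EmailMessage()
    msg["Subject"] = "Re: Re: invoice discussion"
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["In-Reply-To"] = "<thread-id@example.org>"
    msg.set_content("Please see attached. Password is 1234\n\n> earlier quoted reply...\n")
    msg.add_attachment(build_sample_zip("document.iso", b"MZ-placeholder"),
                       maintype="application", subtype="zip", filename="documents.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(triage_message(build_sample_eml()))
```

The constructed lure scores 7 under these weights, while a plain .zip of a .pdf with no password in the body scores 0. In practice, run this on messages already matched by the reply-chain heuristic rather than on all mail, since the body-password pattern alone produces noise from legitimate document sharing.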

A Second Chinese Threat Actor Identified In Ukraine CyberAttacks

“Scarab”, a Chinese-speaking threat actor, has been identified attacking Ukraine with spear-phishing campaigns that deliver a backdoor named “HeaderTip”.

The Hacker News – “Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion” : https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html

The Record – “Researchers tie Ukraine cyber intrusion attempt to suspected Chinese threat actor ‘Scarab’” : https://therecord.media/researchers-tie-ukraine-cyber-intrusion-attempt-to-suspected-chinese-threat-actor-scarab/

Ransomware Gangs and Hackers Voice Their Chosen Side Between Russia and Ukraine

Events like these truly show how much war has evolved in the cyber realm.

BleepingComputer – “Ransomware gangs, hackers pick sides over Russia invading Ukraine”: https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/

Cyber Attacks Rock Ukraine and Russia

Since the start of Russia’s invasion, Ukraine has faced a range of cyber threats, from command-and-control implants to data-wiping malware. Both Russia and Ukraine have had to defend against DDoS attacks, and websites in both countries have been observed going completely unreachable during this period.

ABC News – Cyberattacks accompany Russian military assault on Ukraine – ABC News: https://abcn.ws/3IjbNmX

ZDNet – Flight tracker Flightradar24 crash caused by ‘international interest’ in Ukraine, Russia conflict: https://www.zdnet.com/article/flight-tracker-flightradar24-crash-caused-by-international-interest-in-ukraine-russia-conflict/

ZDNet – Ukraine Ministry of Defense confirms DDoS attack; state banks lose connectivity: https://www.zdnet.com/article/ukraine-ministry-of-defense-confirms-ddos-attack-state-banks-loses-connectivity/

Infosecurity Magazine – US and UK Warn of VPNFilter Successor “Cyclops Blink”: https://www.infosecurity-magazine.com/

Reuters – Ukraine computers hit by data-wiping software as Russia launched invasion: https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/

CNBC – Cyberattack hits Ukrainian banks and government websites: https://www.cnbc.com/2022/02/23/cyberattack-hits-ukrainian-banks-and-government-websites.html

CNN – Russian government websites mysteriously go dark as invasion continues: https://www.cnn.com/europe/live-news/ukraine-russia-news-02-24-22-intl/h_e0d16b404e39c4f6bbbb337fe2e4f1a1

Threat Group Sandworm Creates New Worries with Cyclops Blink Malware

A new modular malware named Cyclops Blink, attributed to Sandworm and assessed to be the replacement for the group’s VPNFilter botnet exposed in 2018, is targeting WatchGuard firewall appliances. Once on a device it persists across reboots and legitimate firmware updates, establishes command and control, and can download and run additional modules, so compromised appliances could be staged for larger attacks. Per WatchGuard, only appliances whose management interface was exposed to the internet were affected, so the practical check is to confirm that management access is restricted to trusted networks and to apply WatchGuard’s detection and remediation guidance.

https://www.cisa.gov/uscert/ncas/alerts/aa22-054a

Malware Utilizing WSL As Its Attack Vector

Researchers at Lumen’s Black Lotus Labs have reported a new style of malware that compromises Windows through the Windows Subsystem for Linux (WSL): Linux ELF binaries built for WSL act as loaders that inject their payload into Windows processes. Because the samples are ELF files running under WSL rather than native Windows executables, they had very low detection rates on VirusTotal.

More detail here: https://www.bleepingcomputer.com/news/security/new-malware-uses-windows-subsystem-for-linux-for-stealthy-attacks/

MosaicLoader Malware Hiding in Search Ads

“This password-stealing Windows malware is distributed via ads in search results” via Danny Palmer | ZDNet

“MosaicLoader can be used to steal passwords, install cryptocurrency miners and deliver trojan malware warn researchers, who say those behind it want to sell access to Windows PCs on to other cyber criminals.”

More detail: https://www.zdnet.com/article/this-password-stealing-windows-malware-is-distributed-via-ads-in-search-results/