Cyber Briefing: 2023.07.04

CyberMaterial
7 min read · Jul 4, 2023


The latest in cybersecurity: BlackCat, SmugX, Meduza Stealer, Twitter, Neo_Net, Android Malware, Microsoft Breached, Anonymous Sudan, Huobi, Poly Network, Face Recognition.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. BlackCat Group: Malware Attacks via Cloned Webpages

The BlackCat ransomware-as-a-service group has been observed using malvertising and SEO poisoning to reach victims: ads bought against chosen search keywords lead to cloned copies of legitimate organizations' webpages that serve malware, as reported by Trend Micro researchers investigating an incident at an unnamed organization. Once inside, the attackers obtained administrator privileges, attempted to establish backdoor access, and exfiltrated data, with the intrusion involving PuTTY Secure Copy (PSCP) and the Clop ransomware. Other tools used for reconnaissance, remote access, and post-exploitation within the network included Cobalt Strike Beacon, AdFind, and AnyDesk.

2. China APT Group’s HTML Smuggling Attacks

Cybersecurity firm Check Point has reported a persistent campaign, dubbed SmugX, attributed to a China-linked APT group and targeting foreign affairs ministries and embassies in Europe since December 2022. The attackers use HTML smuggling, an evasive delivery technique in which the payload is embedded inside an HTML document and reassembled on the victim's machine with legitimate HTML5 and JavaScript features (for example, decoding a Base64 string into a Blob and triggering a download), so that no recognisable executable crosses the network perimeter. The campaign delivers a new variant of the PlugX remote access trojan through spear-phishing messages that drop JavaScript or ZIP files. The researchers found overlaps with activity previously attributed to the Chinese APT actors RedDelta and Mustang Panda, but could not conclusively link the campaign to the Camaro Dragon group.
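As an added example of what a defender can look for in a lure like the ones described above (this is illustrative code, not Check Point's detection logic or any SmugX sample), the following Python scanner looks for the client-side reassembly pattern HTML smuggling depends on: a long Base64 string in the page plus the JavaScript APIs that turn it into a file download. The HTML page and the embedded ZIP-header stub are constructed here for the demonstration; the marker list and 40-character threshold are assumptions chosen for this example.

```python
"""Indicator scan for HTML smuggling documents.

Added example; not Check Point's tooling. It flags pages that carry a large
Base64 blob together with the JavaScript APIs used to rebuild it as a file.
"""
import base64
import binascii
import re

# Constructed stub payload: a ZIP local-file header followed by zero padding.
# It is not a real archive and not a real dropper; it only gives the scanner
# a recognisable magic number to find once the blob is decoded.
STUB_PAYLOAD = b"PK\x03\x04" + b"\x00" * 26

# Constructed sample lure with the typical shape of an HTML smuggling page.
SAMPLE_HTML = """<html><body><p>Loading document...</p><script>
var data = "%s";
var bin = atob(data);
var arr = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) arr[i] = bin.charCodeAt(i);
var blob = new Blob([arr], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "Invoice.zip";
a.click();
</script></body></html>""" % base64.b64encode(STUB_PAYLOAD).decode()

# JavaScript APIs that together indicate client-side file reassembly (assumed list).
API_MARKERS = ("atob(", "Blob(", "createObjectURL(", "msSaveOrOpenBlob(", ".download", "download=")

# Quoted Base64 strings of at least 40 characters; shorter ones are common in benign pages.
B64_RE = re.compile(r'["\']([A-Za-z0-9+/]{40,}={0,2})["\']')
# Download name set either as an attribute (download="x") or a property (a.download = "x").
DOWNLOAD_NAME_RE = re.compile(r'download\s*=\s*["\']([^"\']+)["\']')

# File-type magic numbers worth reporting when found at the start of a decoded blob.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\x7fELF": "elf"}


def classify(raw: bytes) -> str:
    """Name the file type of a decoded blob by its magic number, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if raw.startswith(magic):
            return kind
    return "unknown"


def scan_html(html: str) -> dict:
    """Return the markers seen, every decodable blob, the download name and a verdict."""
    markers = [m for m in API_MARKERS if m in html]
    blobs = []
    for match in B64_RE.finditer(html):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64 after all (bad padding etc.)
        blobs.append({"length": len(raw), "type": classify(raw)})
    name = DOWNLOAD_NAME_RE.search(html)
    # Verdict: reassembly APIs present and at least one blob decodes to a known file type.
    suspicious = len(markers) >= 2 and any(b["type"] != "unknown" for b in blobs)
    return {
        "markers": markers,
        "blobs": blobs,
        "filename": name.group(1) if name else None,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
```

On the constructed sample the scanner reports four markers, one 30-byte blob typed as zip, the download name Invoice.zip, and a suspicious verdict; on a plain page with no script it reports nothing. Real lures often split or obfuscate the Base64 string, so a production detector would also normalise string concatenation before matching.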

3. Meduza Stealer: Sophisticated Windows Information Stealer

Researchers have uncovered a new Windows information stealer called Meduza Stealer, which is being promoted through aggressive marketing of its capabilities. It extracts a wide range of browser data, including login credentials, browsing history, and bookmarks, and targets crypto wallet extensions, password managers, and 2FA extensions. No specific attacks have been attributed to Meduza Stealer so far, but its authors are actively developing it to evade detection, and its binary went undetected by the antivirus products tested.

4. NPM Manifest Confusion Checker: Secure Packages

A new tool addresses manifest confusion in packages from the NPM JavaScript registry: the registry does not verify that the manifest it serves through its API matches the package.json inside the published tarball, so a package can advertise one set of dependencies or scripts while shipping another. Because malware can hide in undeclared dependencies or run through install-time scripts, developers need to confirm that the two agree. Sysadmin Felix Pankratz has released a Python-based tool that flags mismatches between the registry manifest and the tarball's package.json, giving developers the information needed to spot a package whose published metadata disagrees with its contents.
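To show what such a check actually compares, here is an added example in Python (written for this briefing, not Felix Pankratz's tool). It extracts package.json from a tarball and diffs the fields that change what gets installed or executed against a registry manifest. The package names, the manifest, and the tarball are all constructed in memory for the demonstration; in real use the manifest would come from the registry API for the package version and the tarball from the URL that manifest points to.

```python
"""Manifest-confusion check for npm packages.

Added example, not Felix Pankratz's tool. npm serves a manifest through its
registry API and ships a separate package.json inside the tarball; the
registry does not verify that the two agree. This compares the fields that
matter for supply-chain risk and reports every mismatch.
"""
import io
import json
import tarfile

# Fields whose divergence changes what is installed or run (assumed set for this example).
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts", "bin", "main")


def build_tarball(package_json: dict) -> bytes:
    """Build a minimal npm-style tarball in memory (files live under package/)."""
    data = json.dumps(package_json).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_package_json(tarball: bytes) -> dict:
    """Extract the top-level package.json from a published tarball."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            # npm tarballs nest files one directory deep, usually "package/".
            if len(parts) == 2 and parts[1] == "package.json" and member.isfile():
                return json.load(tar.extractfile(member))
    raise ValueError("tarball has no top-level package.json")


def find_mismatches(manifest: dict, tarball: bytes) -> dict:
    """Return {field: {"manifest": ..., "tarball": ...}} for every checked field that differs."""
    shipped_json = read_package_json(tarball)
    mismatches = {}
    for field in CHECKED_FIELDS:
        declared, shipped = manifest.get(field), shipped_json.get(field)
        if declared != shipped:
            mismatches[field] = {"manifest": declared, "tarball": shipped}
    return mismatches


# Constructed fixture: what the registry API would return for this package.
# "example-widget" and "example-helper" are invented names.
REGISTRY_MANIFEST = {
    "name": "example-widget",
    "version": "1.2.3",
    "main": "index.js",
    "dependencies": {},
    "scripts": {"test": "node test.js"},
}

# Constructed fixture: the package.json actually inside the published tarball,
# which declares an extra dependency and an install-time script.
SHIPPED_PACKAGE_JSON = {
    "name": "example-widget",
    "version": "1.2.3",
    "main": "index.js",
    "dependencies": {"example-helper": "^2.0.0"},
    "scripts": {"test": "node test.js", "preinstall": "node setup.js"},
}

PUBLISHED_TARBALL = build_tarball(SHIPPED_PACKAGE_JSON)


if __name__ == "__main__":
    for field, diff in find_mismatches(REGISTRY_MANIFEST, PUBLISHED_TARBALL).items():
        print(f"{field}: registry={diff['manifest']!r} tarball={diff['tarball']!r}")
```

Against the constructed fixtures the check reports mismatches in dependencies and scripts and nothing else. Note that the registry's integrity hash for a tarball proves the tarball was not altered in transit, not that its package.json agrees with the manifest, so a check like this has to be run in addition to integrity verification.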

5. Neo_Net: Global Android Malware Campaign

A notorious Mexican cybercriminal known as Neo_Net has been linked to a widespread Android mobile malware campaign targeting financial institutions worldwide, with a particular focus on Spanish and Chilean banks. Despite using relatively unsophisticated tools, Neo_Net has managed to achieve a high success rate by tailoring their infrastructure to specific targets, resulting in significant financial theft and compromising the Personally Identifiable Information (PII) of numerous victims. With major banks like Santander, BBVA, and CaixaBank among their targets, this cybercriminal has established themselves as a seasoned threat actor involved in various illicit activities, including the sale of phishing panels and a smishing-as-a-service offering called Ankarex.

💥 Cyber Incidents

6. College Cyberattack: 758K Affected

Hundreds of thousands of individuals had their personal information compromised in a cyberattack on Lansing Community College, forcing the institution to suspend online courses and campus WiFi. The investigation revealed that names and Social Security numbers were among the stolen data, making it valuable to cybercriminals for fraudulent activities. While Maine residents have been notified and offered identity theft protection, it remains unclear if the same courtesy was extended to victims from other states and why the college had data on such a large number of people. This incident adds to a concerning trend of community colleges becoming targets for cybercriminals.

7. Exam Board Hacks Spark Cheating Fears

Multiple incidents of exam paper theft by hackers and their subsequent sale to students have prompted investigations by British police, raising concerns about academic cheating. While attempts to sell fake exam papers online are common during the exam season in England and Wales, genuine data breaches affecting exam boards are rare. The investigations involve exam boards OCR, Pearson Edexcel, and AQA, with suspicions that hackers gained access to a school’s internal email system to request papers from the boards. The police, government, and National Crime Agency’s cybercrime unit are collaborating on the ongoing investigations.

8. Microsoft Denies Massive Data Breach Claims

Microsoft has denied claims by the hacktivist group Anonymous Sudan that it breached the company's servers and obtained credentials for 30 million customer accounts. Anonymous Sudan, known for DDoS attacks, disrupted Microsoft services in June and later claimed to hold a database of millions of Microsoft account details, which it offered for sale. Microsoft says its analysis shows no evidence of a legitimate breach or of customer data being compromised.

9. Hacking Group ALPHV Breaches UK Hospital

The hacking group ALPHV, also known as BlackCat, announced a successful infiltration of the Barts Health NHS Trust, gaining unauthorized access to seven terabytes of confidential data from five hospitals in London, serving 2.5 million individuals. While ALPHV is notorious for deploying ransomware, they have not yet used it in this attack, choosing instead to steal data and potentially demand payment to prevent its release.

10. Huobi Addresses Data Breach: User Details Exposed

Leading cryptocurrency exchange Huobi has addressed a data breach that leaked the contact details of 4,960 users. The breach stemmed from improper operations in the testing environment of Huobi's Japanese AWS site, which exposed credentials granting write privileges to Huobi's AWS S3 buckets, potentially affecting every Huobi user over the past two years. Huobi says it promptly secured the compromised account and cloud storage and that no user accounts or funds were compromised. The incident is a reminder that credentials in test environments need the same scoping and protection as production ones.

11. Poly Network: Massive DeFi Hack Exposes Vulnerabilities

In a major security breach, Poly Network, a cross-chain bridge platform, fell victim to a hacker who exploited a smart contract vulnerability to issue billions of tokens and potentially stole millions of dollars. The attack affected 57 different cryptocurrencies across 10 blockchains, including Ethereum, BNB Chain, and Polygon. While the exact amount stolen remains undisclosed, estimates suggest the hacker transferred at least $10 million worth of crypto across multiple addresses. Poly Network has reached out to centralized exchanges and law enforcement agencies for assistance while advising project teams and token holders to take precautions.

📢 Cyber News

12. Pape-Dawson Data Breach Settlement

A class-action lawsuit against San Antonio-based Pape-Dawson Engineers Inc. over a 2022 data breach has resulted in a proposed settlement that offers affected employees the opportunity to claim losses from the breach. The settlement, subject to court approval, allows class members to seek compensation for ordinary losses, including identity theft and fraud, up to $325, as well as up to $4,000 for documented economic losses resulting from fraud or misuse of their identity. The settlement also includes free credit monitoring and fraud insurance, along with improved cybersecurity measures by Pape-Dawson.

13. Enhanced Edge Secure Network

Microsoft's Edge browser has upgraded its Edge Secure Network feature, raising the monthly data allowance from 1GB to 5GB. The feature encrypts the user's internet connection and routes it through Cloudflare to protect traffic against online threats. To use Edge Secure Network, users must sign in with a Microsoft account, which is used to track monthly data usage. Microsoft states that the user's account identity is kept confidential and is not shared with the service provider, Cloudflare, during the Secure Network connection.

14. Artists Rally Against Facial Recognition

Over 100 artists and venues have joined forces in a boycott organized by Fight for the Future, advocating for the banning of facial recognition technology at live events. The campaign highlights concerns about privacy infringement and the potential for increased discrimination against marginalized groups. Renowned figures such as Tom Morello, Zack de la Rocha, Boots Riley, and Speedy Ortiz have announced their participation in the boycott, while independent concert venues like House of Yes and Black Cat have pledged to refrain from using facial recognition technology during shows. The activists emphasize the risks and flaws of the technology, calling for immediate action to end its spread in the entertainment industry.

15. Twitter’s Bot Battle: Adult Content Infiltration

The rise of adult content bots on Twitter adds to the platform’s existing challenges with fake accounts and bots, despite Elon Musk’s promises to tackle the issue. Security researchers have flagged numerous spam accounts that engage in unsolicited direct messages and interactions, enticing users to click on links leading to hookup and NSFW sites. Despite suspending bot accounts, Twitter is yet to find an effective solution, leaving the platform in a constant whack-a-mole situation.

Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.
