Overview of security incidents for the period 31 July to 6 August 2021

Attacks by Chinese hackers on Russian government agencies, an investigation on suspicion of terrorism in connection with a hacker attack in Italy, the return of the Solarmarker infostealer: read about these and other security incidents for the period from July 31 to August 6, 2021.

One of the most high-profile events of the past week was the surveillance of prominent journalists and political activists using the commercial spyware Pegasus from the Israeli company NSO Group. The surveillance was carried out by the governments of authoritarian regimes in the Middle East.

The US Postal Service is also accused of large-scale surveillance of social media users. According to the nonprofit human rights organization Electronic Frontier Foundation, the Postal Service launched an initiative called the Internet Covert Operations Program, which analyzed huge volumes of user posts on social networks such as Facebook, Twitter and Parler to keep track of what they are talking about and what they are sharing.

Cybersecurity research team Cybereason Nocturnus has detected three malicious cyber espionage campaigns aimed at hacking the networks of large telecommunications companies. The malicious campaign, collectively known as DeadRinger, targets companies in Southeast Asia. According to experts, the attacks were orchestrated by three cybercriminal groups (APTs) allegedly linked to the Chinese government.

The Chinese hacker group APT31, known for numerous attacks on government agencies in different countries, attacked Russian companies for the first time. The cybercriminals sent phishing emails to the victims, which contained a link to a fake domain imitating the domain of certain government agencies. When the link was opened, a remote access Trojan was loaded onto the system, creating a malicious library on the infected device and installing a special application.

It has also emerged that a series of cyberattacks on Russian authorities in 2020 could have been carried out by several hacker groups funded by the Chinese government. The attacks used the Webdav-O malware, which is a new version of the BlueTraveller Trojan. According to experts, Russian government agencies were attacked either by two groups, TA428 and TaskMasters, or by one group that combines several units.

A cybercriminal group allegedly linked to China has attacked four critical infrastructure organizations in Southeast Asia. According to information security experts from Symantec, attackers may be interested in automated process control systems (APCS). According to experts, the malicious campaign began presumably in November 2020 and lasted until at least March 2021. The main goal of the attackers was to collect intelligence.

In turn, the US Department of Justice accused “Russian hackers” of stealing data from American prosecutors. A Russian cybercriminal group accused of attacking SolarWinds has allegedly hacked e-mails from US federal prosecutors.

Traditionally, this week has not been without news of ransomware attacks. Silicon Valley venture capital firm Advanced Technology Ventures (ATV) reported that the personal information of some of its private investors was stolen in a ransomware attack. According to a letter from ATV representatives to the Attorney General of Maine (USA), in July of this year the company discovered that its computer systems were infected with ransomware. The investigation established that the criminals had stolen some of the company's confidential data.

Italian energy company ERG reported a ransomware cyberattack that disrupted its ICT infrastructure.

It also became known that the international steel supplier Macsteel was the victim of a cyber attack simultaneously with the South African logistics company Transnet. The incident took place at the end of July this year, and Macsteel managed to get its IT systems back online within two business days. No critical information (neither personal nor confidential data) was touched.

Unknown persons published in the public domain more than 800 thousand files stolen, according to them, from the server of the Swedish manufacturer of skincare products Oriflame. In particular, over 25 thousand scanned copies of documents belonging to Georgian citizens and more than 700 thousand belonging to citizens of Kazakhstan were published. The documents are in JPG format. According to the hackers, they have 4 TB of data (over 13 million files) at their disposal.

Official portals related to the vaccination program in the Lazio metropolitan area in Italy were hacked. Due to the cyberattack, coronavirus vaccination appointment booking was suspended. In connection with the incident, the Rome prosecutor’s office is conducting an investigation on suspicion of terrorism.

Educational and medical institutions have fallen victim to a new malicious credential theft campaign. During attacks, criminals infect victim systems with a .NET infostealer and keylogger called Solarmarker. According to Cisco Talos, the malicious campaign dubbed Solarmarker began back in September 2020.
