The Week In Cybersecurity: Cyber Espionage Operation Fueled For Months By Targeted Phishing Attacks – Security Boulevard

The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks – Security Boulevard

The Home of the Security Bloggers Network
Home » Security Bloggers Network » The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks
Targeted-Phishing
Welcome to the latest edition of The Week in Cybersecurity, which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: a China-linked cyber espionage campaign targets critical entities in Australia and the South China Sea, password manager LastPass gets hacked (again), and more.     
Security Affairs reports that a China-linked advanced persistent threat (APT) group known as TA423 (also known as Red Ladon) has pulled off a cyber espionage campaign from April to June of this year. They have primarily targeted Australian entities, such as government agencies and news media companies. Additionally, the group heavily targeted global heavy industry manufacturers that conduct the maintenance of wind turbines in the areas surrounding the South China Sea. 
Threat intelligence researchers from Proofpoint and PwC released a report sharing details of the operation this week. Researchers claim that TA423 utilized a fake Australian news website to deliver the ScanBox exploitation framework to victims. Multiple China-linked APT groups have served ScanBox in the past, including Stone Panda APT, TA413, and LuckyMouse. ScanBox allows a threat actor to harvest information on a victim’s network, making it a useful cyber espionage tool for threat actors. 
The sender of these suspicious emails posed as an employee of the “Australian Morning News,” a made-up media company. The emails also contained subjects like “sick leave,” “user research,” and “request cooperation.” The email then contained a malicious link that if clicked, would prompt the serving of ScanBox to a victim’s environment. 
TA423’s recent campaign shows that regardless of the cyber operation, whether it be a ransomware attack or cyber espionage, that targeted phishing attacks which utilize social engineering techniques are unfortunately a successful technique for threat actors. 
Here are the stories we’re paying attention to this week… 
Bad actors stole source code and other secrets from the huge password-manager firm’s dev environment. But not, it stresses, anyone’s passwords — as far as it can tell. The moral of the story? Devs should never rely on security by obscurity. 
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems.
Identified in the WordPress Link functionality, previously known as ‘Bookmarks’, the issue only impacts older installations, as the capability is disabled by default on new installations. However, the functionality might still be enabled on millions of legacy WordPress sites even if they are running newer versions of the CMS.
EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
With a total install base of over 1.4 million, the extensions can modify cookies on eCommerce websites so that their creator receives affiliate payments for the purchased items, without the victim’s knowledge.
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.
An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) continue to be in use today.
Ptq.gif?A=3375217&Amp;K=14&Amp;R=Https%3A%2F%2Fblog.reversinglabs.com%2Fblog%2Fthe Week In Cybersecurity Cyber Espionage Operation&Amp;Bu=Https%253A%252F%252Fblog.reversinglabs
*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Carolynn van Arsdale. Read the original post at: https://blog.reversinglabs.com/blog/the-week-in-cybersecurity-cyber-espionage-operation
More Webinars
Security Boulevard Logo White
Dmca
Blog Ad 770X330 1 2

source


Leave a Comment

Leave a Reply

Your email address will not be published.

FDA cybersecurity draft guidance draws concern from patients, industry – Regulatory Focus

Matterport Partners with Technology Distributor TD SYNNEX to Integrate 3D Digital Twin Platform Across Network of 150,000 Resellers – StreetInsider.com

Cyber Security Skills Gap | How to Address Cyber Security Gaps – Mandiant

Empire of Hacking: U.S. is the Biggest Threat to Cyber Security – Xinhua