Cyware Daily Threat Intelligence August 01, 2018

ZombieBoy cryptominer
A new cryptocurrency mining malware called ZombieBoy has been discovered. The malware makes use of its namesake own exploit toolkit to mine for Monero. The malware has already stolen $1,000 worth of Monero and is believed to have originated from China. ZombieBoy also uses the leaked NSA exploits DoublePulsar and EternalBlue to create multiple backdoors, which in turn, opens the gates for ransomware and other malicious tools. 

Bisonal malware
A threat actor group was found using a new variant of the Bisonal malware to target victims in Russia and South Korea. Bisonal has been active since 2014. In the new campaign, Bisonal is disguised as a document and a malware dropper is used to infect systems with the malware and a decoy file. The attackers are believed to have targeted a Russian organization which provides communication security services and products.

Crypto-Loot miner
Cybercriminals were spotted using the RawGit service to deliver Crypto-Loot, which is the same cryptominer The Pirate Bay uses to mine for Monero. The new attack method allows attackers to leverage files from GitHub repositories in malware infection. Yale data breach
Yale University recently discovered and disclosed a decade old breach, as well as a more recent incident. The first breach occurred between 2008 and 2009 and involved the attacker steal students, staff and faculty members' names, Social Security numbers, birthdates, email addresses and physical addresses. Yale also found that between 2016 and 2018 its networks were breached again by an attacker who stole the names and social security numbers of 33 people. 

WikiLeaks Twitter DMs leaked
Over 11,000 private Twitter DMs between WikiLeaks and its fervent supporters was leaked by an activist. The leaked messages reveal how WikiLeaks planned smear campaigns against rival journalists and pushed certain anti-Semitic and transphobic messages. Some of these are couched as jokes which are racist and sexist as well.

Fashion Nexus breach
A British IT provider suffered a data breach which impacted scores of customers of popular UK clothing and accessories brands. The breach originated from entrusted web development and e-commerce company Fashion Nexus. Customers of Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags have been affected by the breach.