Go to listing page

Cyware Daily Threat Intelligence August 28, 2018

Cyware Daily Threat Intelligence August 28, 2018

Share Blog Post

Top Breaches Reported in the Last 24 Hours

Russian hackers target Orthodox Christians
Russia-backed hackers, Fancy Bear, spent years trying to steal the private correspondence of some of the world's most senior Orthodox Christian figures. The targets included top aides to Ecumenical Patriarch Bartholomew I. The campaign is reportedly the Kremlin's effort to help Moscow’s Patriarch Kirill remain as the head of the Ukrainian Orthodox Church.

Atlas Quantum breach
Cryptocurrency investment platform Atlas Quantum suffered a data breach which exposed the personal details of over 260,000 users.  The exposed data included names, telephone numbers, email addresses and account statements. Atlas Quantum said the hackers did not steal any funds from users' accounts. Some features of the platform have been temporarily disabled, as a precaution to ensure security.

ABBYY breach
ABBYY, the maker of optical character recognition software, suffered a breach due to an unprotected MongoDB database. Over 200,000 sensitive documents were exposed due to the breach. The data exposed includes details such as corporate emails and encrypted passwords, contracts, memos, letters, and other documentation.

Top Malware Reported in the Last 24 Hours

Android.Banker.L is a newly discovered Android trojan that is considered to be an all-in-one malware. It combines the functionality of banking Trojans, keyloggers, and ransomware to compromise victim devices and steal data.  Android.Banker.L can forward calls, record sound, conduct keylogging and deploy ransomware. The trojan is also able to launch device browsers with a URL received from its C&C server, which is contacted via Twitter.

RtPoS malware
A new family of PoS malware has been discovered dubbed RtPoS. The malware has basic obfuscation and purports to be the Windows Logon Service. After compromising the machine, the RtPoS obtains a process list and begins its iteration. The malware is capable of stealing payment card data and can remain undetected for longer than other malware variants since it saves stolen data locally instead of sending it to the C2 server. RtPoS is suspected to be a post-compromise tool and could be a part of a larger set of tools, which are yet to be identified.


fancy bears
atlas quantum

Posted on: August 28, 2018

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.