Cyware Daily Threat Intelligence, February 17, 2020


Vulnerable VPN servers continue to be a major concern for organizations as threat actors exploit them to plant backdoors. A new report has revealed that Iran-linked hacker groups, namely APT33 (Shamoon), APT34 (Oilrig), and APT39 (Chafer), have hacked into dozens of large companies by exploiting vulnerabilities in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Researchers claim that the campaign, named Fox Kitten, has been active for the last three years and is expected to become more significant in 2020 as the threat actor groups have developed stronger technical offensive capabilities.

Two phishing email campaigns were also observed, one targeting thirteen organizations and the other targeting Alaskan residents. The first campaign, aimed at thirteen companies, is being used to steal corporate secrets and private financial documents; in the second, scammers pose as employees of the Alaska USA Federal Credit Union to collect personal information.

Top Breaches Reported in the Last 24 Hours

Canadian residents’ data breached
According to a report from the Canadian Broadcasting Corporation, 10 Canadian government departments and agencies have reportedly leaked the personal information of 144,000 individuals across 7,992 breaches in the last two years. The Canada Revenue Agency topped the list with more than 3,005 security incidents affecting close to 60,000 individuals between January 1, 2018, and December 10, 2019.

Redcar council services affected
A major ransomware attack on the website of Redcar & Cleveland Borough Council has affected several online public services for over a week. While the Council's tax payments service remains unaffected, online bookings for appointments, social care systems, council housing complaints, and other services have been knocked offline by the attack. So far, there is no evidence that any data has been misused.

Top Malware Reported in the Last 24 Hours

Targeted phishing attack
A targeted phishing campaign using SLK (Symbolic Link) attachments to gain access to corporate networks is underway. The campaign has targeted thirteen companies, including well-known brands such as Glad, Hasbro, A2B Australia Limited, AusNet Services, MutualBank, Pact Group, and more. The threat actors impersonate a company's vendors and send the emails to the targeted companies.
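The briefing does not describe how the SLK attachments deliver their payload. The well-known abuse of the format, which this added example assumes (it is not taken from the campaign or from the original page), is to embed Excel 4.0 macro formulas such as EXEC() in cell records and point an Auto_Open defined name at them so the formula runs when the sheet is opened. The triage script below, written for this briefing as an illustration, parses a constructed SLK sample line by line and flags auto-run names and dangerous formula functions; the SAMPLE_SLK contents are constructed, not a captured attachment.

```python
import re

# Constructed sample SLK attachment (not from the campaign): a minimal Symbolic Link
# workbook carrying an Excel 4.0 macro formula that would run a shell command on open.
SAMPLE_SLK = """ID;PWXL;N;E
O;E
NN;NAuto_Open;ER101C1;KOut Flag;F
C;X1;Y101;EEXEC("cmd.exe /c calc.exe")
C;X1;Y102;EHALT()
C;X1;Y1;K"Invoice";
E
"""

# Cell record: C;X<col>;Y<row>;...;E<formula>  -- the E field carries a formula.
CELL_RE = re.compile(r'^C;(?:[^;]*;)*E(?P<formula>.*)$')
# Defined-name record: NN;N<name>;E<reference>  -- Auto_Open-style names run on open.
NAME_RE = re.compile(r'^NN;N(?P<name>[^;]+);')

# Excel 4.0 macro functions that execute code or touch the filesystem (assumed list).
DANGEROUS_FUNCS = ("EXEC", "CALL", "REGISTER", "RUN", "FOPEN", "FWRITE", "FORMULA")
AUTO_NAMES = ("auto_open", "auto_close", "auto_activate")


def triage_slk(text):
    """Return (line number, reason, detail) tuples for suspicious SLK records."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = NAME_RE.match(line)
        if m and m.group("name").lower() in AUTO_NAMES:
            findings.append((lineno, "auto-run name", m.group("name")))
            continue
        m = CELL_RE.match(line)
        if m:
            formula = m.group("formula")
            upper = formula.upper()
            for fn in DANGEROUS_FUNCS:
                # Word boundary plus "(" so that e.g. CALL matches but RECALL does not.
                if re.search(r"\b" + fn + r"\s*\(", upper):
                    findings.append((lineno, fn, formula))
                    break
    return findings


def is_suspicious(text):
    """True if the SLK text contains any auto-run name or dangerous formula."""
    return bool(triage_slk(text))


if __name__ == "__main__":
    for lineno, reason, detail in triage_slk(SAMPLE_SLK):
        print(f"line {lineno}: {reason}: {detail}")
```

The check is deliberately syntactic: SLK is plain text, so a mail gateway or sandbox can run it on every .slk attachment without opening the file in Excel. A clean sheet that only carries K (value) fields produces no findings.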

Hamas agents target soldiers
The Israeli military has thwarted an attack attempt by the Hamas militant group. Members of the group had created six fake social media accounts, using images of teenage girls, to lure soldiers into installing malware-infected apps on their phones. The accounts were active on Facebook, Instagram, and Telegram. The three malicious chat apps used in the operation were Catch & See, GrixyApp, and ZatuApp.

Fox Kitten campaign
Iran-linked hacker groups - namely APT33 (Shamoon), APT34 (Oilrig), and APT39 (Chafer) - have targeted companies from different sectors, including IT, Telecommunication, Oil & Gas, Aviation, Government, and Security, as part of the Fox Kitten campaign. Researchers disclosed that the groups have developed strong technical offensive capabilities and are able to exploit one-day vulnerabilities in VPN servers (flaws that have already been publicly disclosed and patched by the vendor) within a relatively short period of their disclosure, so unpatched, internet-facing VPN appliances remain the entry point.

IOTA Foundation shuts down
IOTA Foundation has shut down its entire network after hackers exploited a vulnerability in Trinity, the official IOTA wallet app, to steal user funds. The attack happened on February 12, 2020. Based on the evidence, the team confirmed that the attackers had targeted at least 10 high-value IOTA accounts and used the Trinity wallet exploit to steal funds.

Top Scams Reported in the Last 24 Hours

Alaska residents scammed
The Alaska attorney general has warned residents to look out for scammers posing as employees of the Alaska USA Federal Credit Union. The phishing scam involves emails sent to Alaska residents claiming that their credit union account has been suspended and that the recipient must click a link and provide information to unlock the account. The purpose of the scam is to collect personal information from individuals.

Tags

fox kitten campaign
apt33 shamoon
redcar council
apt34 oilrig
apt39 chafer
hamas agents

Posted on: February 17, 2020
