The scope of the SolarWinds supply chain attack continues to blow security experts’ minds as new details emerge. In a new update, Microsoft has confirmed that the hackers behind the attack used a compromised account to view source code from its internal repositories. Discovered in early December 2020, the attack affected several U.S. government departments and private organizations.
It doesn’t end here. In another investigation, it has been found that the China-based APT27 threat actor group has turned to ransomware to wreak havoc on at least five companies in the online gambling sector. The BitLocker tool, the Clambling backdoor, and the PlugX RAT were also used as part of the attack campaign.
Top Breaches Reported in the Last 24 Hours
Over 200 million records on sale
Over 200 million records related to Chinese citizens have been put on sale on a Russian dark web forum. The exposed data includes ID, gender, name, birth date, mobile number, address, and code numbers of citizens. Researchers claim that the data might have been stolen from multiple popular Chinese services, including Gongan, County, Weibo, and QQ.
Windows Core Polaris code leaked
Microsoft’s unreleased Windows Core Polaris OS has reportedly been leaked online. However, the good news is that the leak included a very early build from 2018 and contained no shell or apps.
New update on SolarWinds
Microsoft has issued an update in which it has confirmed that it traced a compromised account used to “view source code” of its internal code structure. However, it stated that viewing source code is not tied to an elevation of risk.
Top Malware Reported in the Last 24 Hours
APT27 turns to ransomware
In an extended investigation, security researchers have found that the China-based APT27 threat actor group is behind ransomware attacks that targeted at least five companies in the online gambling sector. For this, the attackers relied on the BitLocker encryption tool and Clambling backdoor, a malware sample similar to the one used in the DBRControl campaign. Other malware found in the attack campaign includes the PlugX RAT.
Top Scams Reported in the Last 24 Hours
PayPal phishing scam
An ongoing smishing campaign is targeting PayPal users in an attempt to steal their account credentials and other sensitive information. The message warns the recipients that their accounts have been permanently limited and that they need to verify the account by clicking on a link. This, in turn, takes the victims to a phishing page that prompts them to provide their credentials. The phishing page goes a step further and asks for details such as name, date of birth, address, and bank details, among others.