Cyware Daily Threat Intelligence, June 25, 2019

See All
A large-scale espionage attack on telecommunications companies has come to notice of the researchers. Dubbed as ‘Operation Soft Cell’, the cyberespionage campaign has targeted at least 10 global telecommunication providers since 2017 in order to spy on high-profile individuals across the world. The tools and TTPs used in the campaign have been linked with the Chinese threat actor APT 10 group. 

Researchers have also come across a new Mac malware named OSX/Linker which leverages a recently disclosed zero-day Gatekeeper vulnerability for distribution. The vulnerability affects all the versions of macOS, including the latest 10.14.5. The malware is distributed as disk image files which come in the disguise of Adobe Flash Player installers.

A new flaw in LTE networks that can be used to launch spoofing attacks has also been discovered by researchers in the past 24 hours. The flaw can allow an attacker to send fake presidential emergency alerts. LTE networks in countries like Europe, the US and South Korea are the potential targets of this spoofing attack.  

Top Breaches Reported in the Last 24 Hours
 
10 telecoms companies attacked
A cyberespionage campaign named Operation Soft Cell has been targeting 10 global telecommunications providers for a number of years. The campaign has let the attackers gain access to call data records, geolocations and other sensitive information of hundreds of millions of people. Affected targets have been identified in Europe, Africa, the Middle East, and Asia. It is believed that the campaign has been active since at least 2017. The attackers had set up their own VPN and at least ten different accounts with administrator privileges to steal the data. 

Marin Community Clinics attacked
Marin Community Clinics’ computers were locked following an attack by Sodinokibi ransomware. The ransomware had gained access through a computer server. However, the firm had confirmed that no patient data has been compromised in the attack. The firm was able to recover its affected systems within three days after the attack. It had managed to restore the system due to its backup data. 

Tesco Twitter account hacked
A cybercriminal had hacked Tesco’s Twitter account to promote a Bitcoin cryptocurrency scam. The profile name of the account was changed to Bill Gates. The purpose behind this was to obtain followers’ personal details. The scam involved the hacker asking the followers to send bitcoins to a wallet in order to get huge returns. Upon discovery, Tesco immediately took action to recover its Twitter account.  

Top Malware Reported in the Last 24 Hours

OSX/Linker malware
Researchers have discovered that attackers are abusing a recently disclosed zero-day vulnerability in macOS Gatekeeper protection to deliver the new OSX/Linker malware. The vulnerability affects all the versions of macOS, including the latest 10.14.5 version. The malware is distributed as disk image files which come in the disguise of Adobe Flash Player Installers.

Sodinokibi ransomware evolves
Sodinokibi ransomware has evolved to be pushed through malvertising campaigns. These campaigns redirect users to the RIG exploit kit that causes the download of the ransomware. The malvertising campaigns are done on the PopCash ad network. 
   
Top Vulnerabilities Reported in the Last 24 Hours

Exim vulnerability exploited
A new instance of cybercriminal groups exploiting the recently disclosed Exim vulnerability has surfaced recently. The vulnerability, tracked as CVE-2019-10149, which affects nearly 50% of the internet’s email servers, is being leveraged by attackers to deploy malware like Bash stealer and ELF Uploader. This remote code execution flaw can allow an attacker to execute code under the Exim process access level on most servers.  

LTE vulnerability
A flaw in LTE networks can allow attackers to send fake Amber alerts and presidential emergency alerts. The vulnerability can be abused by creating a malicious cell tower channel using off-the-shelf hardware and open-source software. This malicious cell tower can later be used to deploy an exploit. LTE networks in countries like Europe, the US and South Korea are the potential targets of this spoofing attack. 

New Linux kernel security update
Canonical has released a new Linux kernel security update to fix a vulnerability in Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), and Ubuntu 18.04 LTS (Bionic Beaver) operating systems. Tracked as CVE-2019-12817, the flaw could allow an attacker to access memory contents or corrupt the memory of other processes. 

Kubernetes flaw
A high-severity vulnerability - CVE-2019-11246 - has been found impacting kubectl command. The flaw can allow an attacker to overwrite sensitive file paths or add malicious programs. The issue can be mitigated by upgrading kubectl to Kubernetes 1.12.9, 1.13.6, and 1.14.2 or later versions.   




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, June 26, 2019
Next
Cyware Daily Threat Intelligence, June 24, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.