
Cyware Daily Threat Intelligence, December 31, 2019


With just one day left in 2019, let’s welcome the new year with some positive news from the cybersecurity landscape. Microsoft has taken down 50 malicious web domains previously used by the notorious North Korean cyber espionage group Thallium, also called APT37. Investigations indicate that these domains were used to send phishing emails and host phishing pages in several attacks carried out by the group. The purpose of many of these attacks was to distribute malware such as BabyShark and KimJongRAT.

As they say, ‘with the good comes the bad,’ and the past 24 hours in the cyber world also saw new details emerge about the infamous ‘Cloud Hopper’ hack. A new report revealed that the operators of the campaign, the APT10 threat actor group, are still active on the networks of several cloud service providers. The group is believed to have compromised several more MSPs than the 14 companies previously reported, and to have stolen the personal records of more than 100,000 people from the U.S. Navy.

Top Breaches Reported in the Last 24 Hours

Active Network reports a data breach
Active Network’s Blue Bear Software platform reported unauthorized activity in its network earlier this year, which resulted in customers’ PII being exposed. The information possibly accessed included names, payment card expiration dates, security codes, and Blue Bear login credentials. However, the attackers did not access Social Security numbers, driver’s license numbers, or government ID card numbers.

Celebrity addresses posted online
The UK Cabinet Office has inadvertently exposed the personal information of honorees, including a number of celebrities. Along with their names, the office published their home and work addresses and postal codes. The honorees are people recognized for their contributions to the arts, sciences, medicine, sports, or government.

Special Olympics hacked
Special Olympics of New York had its email server hacked around this year’s Christmas holiday; the server was later used to launch a phishing campaign against previous donors. The hack affected only the communications system that stored contact information, and no financial data was involved. The phishing email was disguised as an alert about an impending donation transaction ($1,942.49) that would be automatically deducted from the target’s account within two hours.

Top Malware Reported in the Last 24 Hours

Thallium hacking group tracked down
Microsoft has successfully taken down 50 web domains belonging to the North Korean government-backed Thallium hacking group. The seized domains were used by the group in a range of cyberattacks to send phishing emails and host phishing pages. Most targets were based in the U.S., Japan, and South Korea. The goal of many of these attacks was to infect victims with malware such as KimJongRAT and BabyShark.

New details about Cloud Hopper attack
A new investigation has revealed that the infamous Cloud Hopper attack, led by the China-based APT10 hacking group, reached far beyond the 14 unnamed companies previously reported and is still active on several companies’ networks. The latest list of victim organizations includes at least a dozen cloud service providers, among them CGI Group Inc., Tieto Oyj, and IBM Corp. The attacks against managed service providers began around late 2016.


cloud hopper attack
special olympics
active network
thallium hacking group

Posted on: December 31, 2019
