Anne Neuberger, the top cyber official at the National Security Council, released an open letter warning organizations to take action to reduce their risk. Fujifilm, the Japanese conglomerate, has fallen victim to a massive ransomware attack. Malicious actors gained unauthorized access to the company’s servers, and the company was forced to shut down its network. It took the company 2 days to investigate the scope of the attack, which affected its phone and email services.
According to Vitali Kremez, CEO at Advanced Intel, Fujifilm was hit with the Qbot Trojan in May, and the malicious actors behind that attack are suspected of committing the recent ransomware crime since they have been working with the REvil ransomware gang. This ransomware group has been responsible for attacks against JBS and Colonial Pipeline. Due to the high level of digital risk, the White House has issued a special warning to organizations.
Chinese threat actors have created a special backdoor used in cyberespionage campaigns. According to Check Point Research, it took the Chinese actors 3 years to design, develop, test, and deploy the backdoor to attack the systems of the Ministry of Foreign Affairs of a Southeast Asian government. The spear phishing messages impersonated other departments of the same government. The malicious actors used weaponized, official-looking documents sent via email to target members of staff.
When victims open the attached files, Royal Road is deployed and Microsoft Word’s Equation Editor vulnerabilities (CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802) are exploited. The Chinese threat actors developed the backdoor to spy and exfiltrate data to a command-and-control (C2) server. The server may also be used to fetch and execute additional malware payloads.
Over $83 million was intercepted by police in Asia as a result of the 6-month Operation Haechi-i, which was aimed at combating money laundering activities, investment fraud, and romance scams related to illegal online gambling, voice phishing, and online sextortion. As a result of the operation carried out by Interpol, 1,600 bank accounts were frozen, 585 arrests took place, and 1,400 individual criminal investigations were initiated. As of now, 892 cases have been solved.
Cross-border collaboration is required to address the issue of financial cybercrime. The operation initiated by Interpol is a great example of international collaboration, since law enforcement officers from Cambodia, South Korea, Indonesia, Singapore, China, and other countries were involved. The Haechi-i operation was the first in a series of anti-cybercrime operations that will be carried out within the next 3 years.
JBS, the largest meat processing company in the world, experienced a ransomware attack initiated by a Russian cybercriminal group. Due to the cyberattack, some of the JBS operations in Canada, Australia, and the USA were shut down. According to JBS, the ransom was demanded by a gang from Russia. JBS informed the FBI about the incident, and the latter contacted the Russian government for clarification.
According to the statement made by the FBI, the JBS attack is likely to be attributable to REvil and Sodinokibi malicious groups. Most of the members of the REvil group are based in Russia and other countries of the former Soviet Union. The issue of cyberattacks will be among the topics discussed during the official meeting of Joseph Biden and Vladimir Putin that will take place in 2 weeks. JBS has not disclosed whether a ransom was paid to the threat actors.
Huge prizes are offered to cybercriminals for compromising cryptocurrency services. Such competitions are launched by cybercriminals to develop new offensive techniques and methods to compromise even highly protected systems. According to Intel 471, the underground competition run by Russian operators for the last month has focused on identifying new methods to target cryptocurrency technologies. Criminal cyber actors are interested in developing non-standard methods to compromise crypto wallets to steal Bitcoin and Ethereum. The authors of the best method could earn up to $100,000.
Underground forums are not a new phenomenon in the cyberworld. Such forums are organized regularly, and the key reason behind the forum in question is that cryptocurrency has become a very lucrative instrument. There are a number of crypto and blockchain-related vulnerabilities that malicious actors are actively trying to exploit.