In today’s edition: Google Bard, Malware, Carderbee Supply Chain Attack, Hong Kong, HiatusRAT, Space, Tesla Data Breach, Seiko, BlackCat Ransomware, Japan, The Bad God, Vietnam, Energy One, Australia, Kansai Nerolac, India, Mozilla, Internet Freedom, France, Cyber Explorers, UK, Latitude Financial, CypherRAT and CraxsRAT Developer.
Cybercriminals are using fake ads for AI tools to spread malware. ESET security researchers uncovered a campaign that began with a Facebook ad promoting a supposed downloadable version of Google’s legitimate AI tool, “Bard.” Closer scrutiny exposed irregularities in the ad’s language, time-stamped comments, and suspicious links, and revealed a broader pattern of fake “Google AI” ads that appear to be part of a larger campaign.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and National Institute of Standards and Technology have released a joint fact sheet titled “Quantum-Readiness: Migration to Post-Quantum Cryptography.” The publication aims to raise awareness among organizations, particularly those supporting Critical Infrastructure, about the implications of quantum computing capabilities and the need for early planning to transition to post-quantum cryptographic standards through the development of Quantum-Readiness Roadmaps.
The Symantec Threat Hunter Team has identified a previously undocumented threat actor, tracked as Carderbee, conducting a software supply chain attack primarily against organizations in Hong Kong and elsewhere in Asia. Carderbee uses a trojanized version of the EsafeNet Cobra DocGuard Client, which masquerades as the legitimate software, to deliver the PlugX backdoor into victim networks. Notably, the attackers used malware signed with a legitimate Microsoft certificate, making their activity harder to detect.
The Cybersecurity and Infrastructure Security Agency has included a new vulnerability in its Known Exploited Vulnerabilities Catalog. The added vulnerability, CVE-2023-26359, pertains to the Adobe ColdFusion Deserialization of Untrusted Data Vulnerability. This catalog is crucial in addressing significant risks to federal enterprises posed by frequent attack vectors utilized by malicious cyber actors. CISA encourages not only Federal Civilian Executive Branch agencies but all organizations to promptly remediate these vulnerabilities as a pivotal aspect of their vulnerability management practices.
The HiatusRAT malware has resurfaced with a new wave of reconnaissance and targeting activity against Taiwanese organizations and a U.S. military procurement system. The actors have adapted their tactics, using recompiled malware samples hosted on new virtual private servers (VPSs) to run the campaign. Their persistence and ability to adapt underscore the importance of proactive cybersecurity measures.
The FBI, NCSC, and AFOSI have jointly issued a warning to the US space industry about heightened targeting and exploitation by foreign intelligence entities (FIEs). With the US being a major player in the global space economy, the country’s space sector is an appealing target for FIEs seeking technological advantages. These entities employ a range of tactics including cyberattacks, supply chain compromises, and strategic investments to gain access. The agencies highlight that the impact extends beyond national security to economic security and global competition in the sector. They advise US space organizations to enhance security measures, establish insider threat programs, secure critical assets, and collaborate with law enforcement if they believe they are at risk.
Tesla has officially disclosed a significant data breach affecting approximately 75,000 individuals, attributing the breach not to a malicious cyberattack but to an insider leak. The breach, uncovered in May, resulted from former employees forwarding confidential data to the German media outlet Handelsblatt, in violation of Tesla’s IT security and data protection policies. The compromised information includes personal data such as names, contact details, and employment-related records of both current and former employees, prompting Tesla to offer credit monitoring and identity protection services to the affected parties.
Seiko, the renowned Japanese watchmaker, has been added to the victim list of the BlackCat/ALPHV ransomware gang. Seiko, which has a long history and a workforce of approximately 12,000 employees, suffered unauthorized access to its IT infrastructure, leading to the exposure of sensitive data. The breach, which Seiko initially disclosed on August 10th, has taken a new turn as the BlackCat group claimed responsibility, publishing stolen data samples that include production plans, employee passport scans, proprietary technical schematics, and watch designs.
The growing Vietnamese fashion brand The Bad God has suffered a data breach: a user going by “Serk3t” advertised more than 400,000 customer records on a hacking forum. The listing is notable for its open promotion on the forum and for the seller’s demand for payment in cryptocurrency in exchange for the data.
Australian software provider Energy One acknowledged falling victim to a cyberattack. Known for its software solutions in the energy sector, the company experienced the attack affecting systems in Australia and the U.K. Energy One has initiated an investigation into the incident and has taken measures to safeguard its systems, while collaborating with cyber authorities to ensure appropriate actions are taken.
Kansai Nerolac Ltd., a prominent player in India’s paint manufacturing sector, reported a ransomware incident on a Sunday evening. The company’s IT infrastructure was hit by a targeted ransomware attack that impacted several systems. Kansai Nerolac’s technical and cybersecurity teams, together with management, immediately activated precautionary measures to mitigate the attack’s impact and restore the affected systems. Although the exact financial implications of the incident remain undisclosed, the company says it is actively working to resolve the issue while keeping stakeholders updated on its progress.
The French government’s proposed bill, set for a fall vote, has stirred controversy by granting authorities the power to provide a list of websites to browser providers for mandatory browser-level blocking. While the bill aims to combat fraud, online harassment, and protect minors from accessing explicit content, critics argue that it could establish a global precedent for restricting freedom of expression. Mozilla Foundation, among others, opposes the bill, advocating for an approach that utilizes existing cybersecurity mechanisms instead of government-controlled website blocklists on devices, asserting that it would better serve the legislation’s goals and safeguard the open internet.
Speaking about the UK’s Cyber Explorers programme, cybersecurity minister Viscount Camrose emphasized the importance of breaking down barriers and giving young people opportunities to gain skills that can kick-start careers in cyber. The programme comes at a time when the UK faces a cybersecurity skills shortage, with 50% of businesses having basic cyber skills gaps and 33% having advanced skills gaps. While the industry shortage has decreased slightly from the previous year, collaboration between government and the education sector, as exemplified by Cyber Explorers, is seen as a critical step toward addressing this challenge.
Australian lender Latitude Financial has reported a significant financial impact from its recent cyberattack, revealing that the incident has so far cost AU$76 million (approximately US$50 million). The consumer lender’s financial report for the first half of 2023 details the pre-tax costs and provisions linked to the cyber incident, which the company had initially estimated at up to AU$105 million (about US$70 million). The attack, attributed to a ransomware group, has not only caused financial losses but has also disrupted various aspects of the company’s operations.
Cybersecurity firm Cyfirma has identified the long-elusive figure behind the CypherRAT and CraxsRAT remote access trojans (RATs). Operating under the online alias ‘EVLF DEV’ from Syria for nearly a decade, this individual has earned over $75,000 selling these RATs to various threat actors. In addition to developing the malware, EVLF runs a malware-as-a-service (MaaS) operation. Of particular concern is CraxsRAT, an Android RAT that lets threat actors customize their attacks, including WebView page injections. The RAT’s builder includes obfuscation techniques and permissions manipulation to improve its stealth.
Copyright © 2023 CyberMaterial. All Rights Reserved.