
September 19, 2023 – Cyber Briefing



In this issue, we explore recent cyber threats, including AMBERSQUID Cryptojacking, Earth Lusca’s Linux Backdoor, APT36’s Spyware, Advanced Bumblebee Malware’s return, 12,000 vulnerable Juniper Firewalls, and Germany’s gas terminal cybersecurity concerns.

Explore these stories: Mark Cuban’s $870K MetaMask Wallet Hack, Massive Microsoft Data Breach, USDoD’s TransUnion Data Leak, and Major North Carolina Hospitals’ Clop Gang Breach.

In the realm of cybersecurity, recent highlights include North Korea’s Lazarus APT Group stealing $240 million in crypto, an international betting scam exposed by law enforcement, crypto scammers amassing $1 million through a ‘Pig Butchering’ scheme, the Texas National Guard and Chilean Army reinforcing cybersecurity in a joint exercise, and Dragos securing $74 million for OT security expansion in Europe and Asia.




🚨 Cyber Alerts


1. Novel Cryptojacking Operation on AWS

A cloud-native cryptojacking campaign, known as Ambersquid, has emerged as a significant threat, focusing its efforts on lesser-known Amazon Web Services offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker to surreptitiously mine cryptocurrencies. This operation has been uncovered by Sysdig, a prominent cloud and container security firm, which revealed that AMBERSQUID was able to exploit AWS services without raising resource approval alerts.


2. Chinese Hacker’s Advanced Linux Espionage

A Chinese hacker known as ‘Earth Lusca’ has been targeting government agencies across multiple countries, employing a newly discovered Linux backdoor called ‘SprySOCKS.’ This malware, analyzed by Trend Micro, appears to be a fusion of different malware strains, borrowing functions from both Windows and Linux malware. Earth Lusca’s attacks, primarily focused on foreign affairs, technology, and telecommunications institutions, spanned Southeast Asia, Central Asia, the Balkans, and other regions.


3. APT36’s CapraRAT Exploits YouTube Deception

The APT36 hacking group, also known as ‘Transparent Tribe,’ has been spotted employing deceptive Android applications resembling YouTube to propagate their custom remote access trojan, ‘CapraRAT.’ Once the malware infiltrates a victim’s device, it operates like a spyware tool, enabling data harvesting, audio and video recording, and access to sensitive communication data.


4. Bumblebee Malware Returns with New Tactics

The notorious malware loader known as ‘Bumblebee’ has reemerged after a two-month hiatus, launching a fresh campaign that leverages innovative distribution methods exploiting 4shared WebDAV services. Intel471’s researchers have uncovered this latest offensive, which commenced on September 7, 2023, and capitalizes on 4shared WebDAV services for loader distribution and post-infection activities.


5. Juniper Firewall Vulnerability Alert

New research has unveiled a significant security risk, as nearly 12,000 internet-exposed Juniper firewall devices are susceptible to a recently disclosed remote code execution vulnerability. Discovered by VulnCheck, this exploit for CVE-2023-36845 poses a grave threat, allowing unauthenticated remote attackers to execute arbitrary code on Juniper firewalls without leaving any trace. The issue affects older systems and can be exploited using a single cURL command, making it essential for users to promptly apply patches to safeguard their networks against potential cyber threats.


6. Germany Warns of Gas Terminal Cyber Risk

Germany’s foreign intelligence service head, Bruno Kahl, has cautioned about the vulnerability of liquefied natural gas (LNG) terminals to state-sponsored cyberattacks. In response to Russia’s impact on Germany’s GDP due to gas dependency, the country initiated plans for new LNG terminals, which Kahl believes could become targets for future cyber threats. He emphasized Russia and China as major cyber threats to Germany, noting that even smaller states like North Korea, Vietnam, and Iran are investing in cyber capabilities to achieve significant impacts in the digital realm.



💥 Cyber Incidents


7. Billionaire Mark Cuban’s Wallet Hack

Billionaire entrepreneur and investor Mark Cuban recently faced an unfortunate crypto hack, resulting in an $870,000 loss in various cryptocurrencies stored in his MetaMask wallet, as reported by DL News. The attack was discovered by on-chain investigator Wazz, who noticed unusual transactions in the wallet that had been dormant for over five months, labeled “Mark Cuban 2” on EtherScan.


8. Microsoft Exposes 38TB of Sensitive Data

Researchers at Wiz have uncovered a significant security breach at Microsoft involving the exposure of 38 terabytes of private data during a routine open-source AI training material update on GitHub. This exposed data encompasses a backup of employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The breach occurred due to misconfiguration in sharing Azure Storage account data using SAS tokens.


9. TransUnion Data Breach by USDoD

Sensitive data from consumer credit reporting agency TransUnion has been leaked by a threat actor known as “USDoD,” according to vx-underground researchers. The breach includes personal information of 58,505 individuals across the globe, with details such as names, passport information, birthdates, employment data, financial transactions, credit scores, and more.


10. Cl0p Gang Hits North Carolina Hospitals

Healthcare technology firm Nuance has identified the Cl0p extortion gang as responsible for a series of data thefts at major North Carolina hospitals during the Progress MOVEit Transfer campaign. This campaign, which exploited a zero-day vulnerability in the MOVEit Transfer platform, affected healthcare providers like Atrium Health, Duke University Health System, and Novant Health, among others.



📢 Cyber News


11. Cryptocurrency Heists by Lazarus APT

A recent report from blockchain cybersecurity firm Elliptic reveals that the North Korea-linked APT group Lazarus has managed to steal over $240 million worth of cryptocurrency in just 104 days since June 2023. Their targets include Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), Stake.com ($41 million), and the professional global cryptocurrency exchange CoinEx ($31 million).


12. Match-Fixing Ring Foiled by Police

Spanish police, in collaboration with Europol and Interpol, have dismantled a sophisticated illegal betting and match-fixing ring. This criminal network, initially identified in 2020, engaged in corrupting athletes, including football players in Romania, and placing suspicious bets on various sporting events. What makes this case unique is their use of satellite technology to gain an advantage by obtaining live feeds of matches before legitimate bookmakers, allowing them to make bets with insider knowledge.


13. Pig Butchering Scam Nets $1M

Researchers from Sophos have unveiled a highly sophisticated cryptocurrency scam, dubbed ‘pig butchering,’ which has stolen over $1 million in just three months. The operation involved 14 domains and numerous nearly identical fraudulent websites, with scammers using fake trading pools in decentralized finance apps to defraud victims.


14. US & Chile Joint Cybersecurity Exercise

The Texas National Guard and the Chilean Army have conducted a joint cybersecurity exercise in Santiago, focusing on enhancing their capabilities and addressing vulnerabilities in the event of a cyber attack. This exercise, part of the long-standing State Partnership Program, aimed to strengthen the bonds between the two countries’ military forces and bolster their readiness to respond to cyber threats. The collaboration underscores the importance of international cooperation in the face of evolving cybersecurity challenges and the need for ongoing skills development in the cyber-intelligence field.


15. Security Firm Dragos Raises $74 Million

A significant $74 million investment is set to fuel Dragos’ expansion plans in Europe and Asia, with a particular focus on enhancing operational technology (OT) security in these regions. The investment comes as updated cybersecurity regulations impact smaller organizations in the European Union, and as cyber insurance providers increasingly require the use of security tools like those provided by Dragos to combat the growing threat of ransomware.



Copyright © 2023 CyberMaterial. All Rights Reserved.
