AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/01/2022

State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage

Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month, while the Russian invasion of Ukraine was unfolding, Check Point Research (CPR) observed advanced persistent threat (APT) groups around the world launching new campaigns, or quickly adapting ongoing ones, to target victims with spear-phishing emails that use the war as a lure. The decoys range from official-looking documents to news articles or even job postings, depending on the targets and region. Many of these lure documents rely on malicious macros or remote template injection to gain an initial foothold in the targeted organization before the follow-on malware is delivered.
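The two document-level techniques named above, VBA macros and remote template injection, both leave static indicators in the Office Open XML zip container: a `word/vbaProject.bin` part, and a relationship in `word/_rels/settings.xml.rels` of type `attachedTemplate` whose target is external (Word fetches that URL on open, and the fetched template can itself carry macros). The following triage script is an added example written for this page, not Check Point's tooling or anything from the report; it assumes the standard ECMA-376 part layout, and the sample "documents" it scans are minimal packages constructed in memory (not valid Word files) with a constructed documentation-range IP as the remote template host.

```python
"""Added example: triage an Office Open XML lure for macro and remote-template
indicators. Not Check Point's code; sample packages below are constructed."""
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_RELS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_RELS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
ATTACHED_TEMPLATE = OFFICE_RELS + "attachedTemplate"
HYPERLINK = OFFICE_RELS + "hyperlink"


def scan_ooxml(data: bytes) -> dict:
    """Return indicators found in a .docx/.docm/.dotm-style zip container."""
    findings = {"vba_project": False, "remote_templates": [], "other_external": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Indicator 1: an embedded VBA project means the file carries macros.
            if name.lower().endswith("vbaproject.bin"):
                findings["vba_project"] = True
            # Indicator 2: relationship parts whose targets lie outside the package.
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{PKG_RELS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rtype, target = rel.get("Type", ""), rel.get("Target", "")
                if rtype == ATTACHED_TEMPLATE:
                    # settings.xml.rels pointing the attached template at a URL:
                    # this is the remote template injection pattern.
                    findings["remote_templates"].append(target)
                elif rtype != HYPERLINK:
                    # Plain hyperlinks are normal; other external targets merit a look.
                    findings["other_external"].append((name, rtype.rsplit("/", 1)[-1], target))
    return findings


def verdict(findings: dict) -> str:
    """Collapse the findings into a single triage label."""
    if findings["remote_templates"]:
        return "suspicious: remote template injection"
    if findings["vba_project"]:
        return "suspicious: macro-enabled"
    if findings["other_external"]:
        return "review: external relationships"
    return "clean"


def build_docx(remote_template=None, with_macro=False) -> bytes:
    """Construct a minimal package (not a valid Word file) with only the parts
    the scanner reads, so the demo runs offline on constructed input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<document/>")
        rels = [f'<Relationships xmlns="{PKG_RELS}">']
        if remote_template:
            rels.append(
                f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                f'Target="{remote_template}" TargetMode="External"/>'
            )
        rels.append("</Relationships>")
        zf.writestr("word/_rels/settings.xml.rels", "".join(rels))
        if with_macro:
            # Only the OLE compound-file magic; a real vbaProject.bin is a full OLE stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; 203.0.113.10 is a documentation-range address.
    samples = {
        "benign.docx": build_docx(),
        "macro.docm": build_docx(with_macro=True),
        "template.docx": build_docx(remote_template="http://203.0.113.10/invoice.dotm"),
    }
    for fname, blob in samples.items():
        print(fname, "->", verdict(scan_ooxml(blob)))
```

Run against real lures, replace the constructed samples with `open(path, "rb").read()`; the external-relationship check is deliberately broad because the same `TargetMode="External"` pattern also turns up in OLE object and frame relationships, which is why non-hyperlink externals are surfaced for review rather than ignored.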


Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses. Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.


Russia Prepares Destructive Cyberattacks

Russia is preparing disruptive cyberattacks that could target U.S. energy and financial industries to cause further pain to the Biden administration, in retaliation for heavy sanctions against the Kremlin for its invasion of Ukraine, several people familiar with the matter told Foreign Policy. The FBI warned five U.S. energy companies in mid-March that computers using Russian internet addresses had been scanning their networks, in a possible prelude to bigger cyberattacks. Top U.S. cybersecurity officials have warned that Russia is looking to conduct disruptive or destructive digital attacks, as opposed to conducting routine espionage. 


Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was quickly shared in other repositories and tested by security researchers, who confirmed it was a legitimate exploit for a new vulnerability.


About half of the crypto donation campaigns for Ukraine were scams, says blockchain research report

Millions of dollars worth of crypto donations have flooded into Ukraine since Russia invaded last month, but about half of the purported humanitarian campaigns were scams, according to a new report by blockchain research firm TRM. Based on data TRM collected from 50 distinct crypto-donation campaigns to send funds to humanitarian or military efforts in Ukraine, “obvious scam” campaigns comprised about half of them. TRM researchers noted that the surge in global attention and people’s eagerness to donate to Ukraine created an opportunity for scammers to promote fake fundraisers. Organizations used mock-campaign names like Support Ukraine, Ukraine-Fund, and Ukraine NOW to lure donations. 


Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws

Apple has released updates for several of its operating systems, fixing vulnerabilities that the company says may have been actively exploited. Affecting macOS Monterey, iOS, and iPadOS is CVE-2022-22675, an out-of-bounds write in the AppleAVD audio and video decoder that allows an application to execute arbitrary code with kernel privileges. The fix ships in iOS 15.4.1 and iPadOS 15.4.1, available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation iPod touch. The iOS release also fixed a battery drain issue.
