AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/05/2023

Who’s Behind the DomainNetworks Snail Mail Scam? 

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it. The DomainNetworks mailer may reference a domain that is or was at one point registered to your name and address. Although the letter includes the words “marketing services” in the upper right corner, the rest of the missive is deceptively designed to look like a bill for services already rendered. 


Chinese hackers target European embassies with HTML smuggling technique 

Chinese cyber spies have been targeting the foreign affairs ministries and embassies of European states in recent months, according to new research. The espionage campaign “represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy,” researchers from Check Point said Monday. The hackers were spotted using a new delivery method to deploy the modular PlugX malware implant, effectively smuggling it inside HTML documents, something which Check Point warned had “until recently helped the campaign fly under the radar.” 


Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group 

Russian satellite Internet provider Dozor-Teleport was knocked offline in the early hours of June 29, dealing a communications blow to the company’s customers, which according to reports include Russian military and energy interests. The Wagner Group, the mercenary army once fighting for Russia, and now seemingly turned against Putin’s government, claimed it was behind the cyberattack against the satellite communications provider. But experts aren’t convinced. 


New Meduza Malware Targets Wallets, Passwords and Browsers on Windows 

Meduza authors are pushing the malware as a subscription-based service, offering plans for 1-month, 3-month, and lifetime access. Crimeware-as-a-Service (CaaS) operations have become the latest fad in the world of cybercrime, and the Meduza Malware is the newest weapon added to its ever-increasing arsenal. Uptycs Threat researchers report that Meduza Stealer is under active development and boasts comprehensive data-stealing capabilities, along with advanced detection evasion techniques. 


Microsoft denies data breach, theft of 30 million customer accounts 

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed its affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacted several of its services, including Azure, Outlook, and OneDrive.


How the FBI hacked Hive 

When the FBI took down a notorious cybercrime gang known as Hive earlier this year, it did so without arresting a single person. It was a coup that reflects a notable change in the way the agency fights cybercrime — focusing on outwitting hackers and disrupting them from afar rather than detaining them. Most cybercriminals operate in countries that are beyond the reach of U.S. law enforcement. It would have been “heresy” by the old standards of the bureau to celebrate a major case like that without an arrest, deputy attorney general Lisa Monaco said at the RSA security conference in April. But now, she continued, “we’re not measuring our success only with courtroom actions.” 