AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/13/2019

1 – ‘Canadian eyes only’ intelligence reports say Canadian leaders attacked in cyber campaigns

Russia is one of the hostile foreign states that has targeted Canada in recent “cyber influence” campaigns, according to secret intelligence records obtained exclusively by Global News. The records from Canada’s Communications Security Establishment (CSE) — labelled “Secret: Canadian Eyes Only” — say that due to their policies in eastern Europe, then-Minister of Foreign Affairs Chrystia Freeland and Minister of National Defence Harjit Sajjan are among the Canadian targets of “cyber influence activity to cause reputational damage.”


2 – TrickBot gang is now a malware supplier for North Korean hackers

A report published today reveals that North Korea’s government-backed hacking units are renting access to elite hacking tools and access to hacked networks from the operators of the TrickBot botnet. The revelation comes to confirm a trend observed in recent years — namely that the lines between regular cybercrime and nation-state cyber-espionage operations are blurring. This trend came to light in 2017 when a report revealed how the mastermind behind the GameOver Zeus malware botnet had been helping Russian intelligence gather sensitive documents from the computers he was infecting.


3 – CRTC issues $115,000 in penalties to stop the spread of malicious software

The CRTC’s Chief Compliance and Enforcement Officer today issued a penalty of $100,000 to John Paul Revesz and Vincent Leo Griebel, partners operating under the business name Orcus Technologies, for developing, selling and promoting malware. An additional penalty of $15,000 was issued to John Paul Revesz for operating a secure dynamic domain name service that was allegedly used by hackers to communicate with a variety of infected machines. The investigation found that Orcus Technologies marketed and sold a Remote Administration Tool under the name Orcus RAT.


4 – Iran Says Repelled a ‘Highly Organized Cyber Attack’

An Iranian minister said Wednesday the Islamic republic had recently thwarted a “highly organized cyber attack” targeting its e-government infrastructure. The threat “was successfully identified and repelled by the country’s cyber security shield,” said telecommunications minister Mohammad Javad Azari Jahromi, according to the ISNA and Mehr news agencies. The minister described the attack as “really massive” and “state-sponsored,” according to statements reported by Mehr. “I can’t disclose any details right now,” he said, adding that he could also not yet disclose which country allegedly attempted the attack. But “there will certainly be a report on it later,” he said.


5 – Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand

The operators behind the Maze Ransomware have claimed responsibility for the cyberattack affecting the City of Pensacola, Florida, but state that they are not affiliated with the recent shooting at NAS Pensacola. In an email conversation with BleepingComputer, the operators of the Maze Ransomware stated that they were responsible for encrypting the city’s data and have demanded a $1,000,000 ransom for a decryptor. When Maze targets a network, they will steal the victim’s files before they are encrypted. The attackers then tell the victim that they will publicly release these files unless the ransom is paid.


6 – Forget quantum supremacy: This quantum-computing milestone could be just as important

A local bus bouncing its way through downtown Lisbon and onto its elegant waterfront might seem an unlikely vehicle to deliver the weird future of quantum computing. The bus itself is unremarkable, its journey from the outskirts of Portugal’s capital into the city centre largely indistinguishable from most of the other buses on the busy roads. But this bus, and a few others like it, represents one of the first real-world usages of quantum computing. For the pilot project in Lisbon last month, by Volkswagen and quantum-computing company D-Wave, 26 bus stops were connected to form four bus links. One of these ran from the WebSummit conference facility to the Marqués de Pombal traffic node in the city center — the route taken by ZDNet on its journey into the city.


7 – Joker’s Stash Celebrates Turkey Day With Stolen Card Data

The notorious Joker’s Stash marketplace for fraudsters has recently listed a large trove of personally identifiable information for sale, featuring a massive quantity of stolen payment cards issued by Turkish banks. So warns Singapore-based cybersecurity firm Group-IB, which says Joker’s Stash, a popular cybercrime “carder” shop that sells PII and stolen credit and debit card data, listed more than 460,000 such records from Oct. 28 to Nov. 27. The stolen payment data predominantly traces to Turkey’s 10 largest banks, Group-IB says. “Cards from Turkey are very rare on the card shops; in the past 12 months this is the only big sale of payment cards related to Turkish banks,” the company says. In its entirety, the data is retailing for about $500,000, the security firm says, noting that the data appears to be brand new.


8 – Arrest Data Exposed by South Carolina Firm Included Personal Info of Juvenile Suspects [Updated]

Sensitive data related to thousands of arrests in the state of South Carolina were discovered exposed online last month by a California-based security company, Gizmodo has learned. A small percentage of those arrested were considered juveniles at the time of the arrest, said researchers who examined the data. Spartan Technology, the company responsible for the arrest records described in this story, sent Gizmodo an additional update after confirming the incident. The company now says the records were only used for testing and that the Social Security numbers were intentionally mismatched with the names that accompany them as a precaution. New comments from CEO Eddie Pruitt and UpGuard have been added at the bottom of this story.


9 – Russian police raid NGINX Moscow office

Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology. Equipment was seized and employees were detained for questioning. Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code. The Rambler Group is the parent company of rambler.ru, one of Russia’s biggest search engines and internet portals.


10 – Microsoft Warns of GALLIUM Threat Group Attacking Global Telcos

The Microsoft Threat Intelligence Center (MSTIC) today published an alert about ongoing attacks directed at telecommunication providers from around the world and operated by a threat group tracked by Microsoft as GALLIUM. “GALLIUM is one of many ActivityGroups we see targeting telcos through SE Asia + Europe + Africa,” according to one MSTIC analyst. The hacking group exploits unpatched vulnerabilities to compromise Internet-exposed systems running WildFly/JBoss application servers.
