
Cybersecurity Newsletter - 10/08/2020

Ajishlal Cybersecurity Overlord ✭✭✭

BAHAMUT Group Targeting Governments and Businesses in Middle East and UAE

TYPE: APT

BlackBerry released new research highlighting the true reach and sophistication of one of the most elusive, patient, and effective publicly known threat actors – BAHAMUT.

The report uncovered malicious applications that are directly attributable to BAHAMUT based on configuration and unique network service fingerprints presented. The applications were complete with well-designed websites, privacy policies and written terms of service which helped them bypass safeguards put in place by both Google and Apple.

Those investigated by BlackBerry were determined to be intended for targets in the UAE, as downloads were region-locked to the Emirates.

 


                                                                      

Kraken: Fileless APT attack abuses Windows Error Reporting service

TYPE: APT

On September 17th, Malwarebytes discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism.

That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows features, or applications happens. When victims see WerFault.exe running on their machine, they probably assume that some error happened, while in this case they have actually been targeted in an attack.

While this technique is not new, this campaign is likely the work of an APT group that had earlier used a phishing attack enticing victims with a worker’s compensation claim. The threat actors compromised a website to host their payload and then used the CactusTorch framework to perform a fileless attack followed by several anti-analysis techniques.


Comments

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Universal Health Services says 250 US facilities were hit by a cyber attack

    TYPE: CYBERCRIME

    Universal Health Services (UHS), a health care network with more than 400 facilities in the United States, Puerto Rico and the United Kingdom, suffered an aggressive cyber attack, perhaps the largest in US history, during the early hours of this Sunday morning that brought down its digital networks, causing chaos in the pace of work of hospitals. The hospital chain, Health Services, has stated that the IT services of its 250 facilities in the US have been affected by last weekend's malware attack and that efforts to restore hospital networks are continuing. The network has not commented on reports that it was attacked by ransomware. BleepingComputer spoke to UHS employees who described the attack as having the characteristics of Ryuk, which has been widely linked to Russian cyber criminals and used against large companies.
