What's going on in the cyber world today?
Cyber Alerts
1. Earth Minotaur Unveils New Malware Arsenal
Researchers have uncovered Earth Minotaur's use of the MOONSHINE exploit kit and the newly identified DarkNimbus backdoor to carry out multi-platform attacks targeting Tibetan and Uyghur communities. MOONSHINE exploits vulnerabilities in Chromium-based browsers embedded in Android messaging apps, installing the DarkNimbus backdoor on both Android and Windows devices. Earth Minotaur employs social engineering tactics, luring victims with malicious links disguised as legitimate content such as government announcements and cultural videos.
2. Turla Exploits Hackers to Target South Asia
The Russia-linked advanced persistent threat (APT) group, Turla, has been implicated in a sophisticated cyber espionage campaign leveraging Pakistani hacker infrastructure. Since December 2022, Turla has exploited command-and-control (C2) servers associated with the Pakistan-based hacking group Storm-0156. This exploitation enabled Turla to deploy custom malware, including TwoDash and Statuezy, targeting Afghan government entities and military organizations in India. By embedding itself within existing cyber campaigns, Turla obscures its activities, making it more difficult to attribute its operations.
3. DroidBot Android Malware Targets 77 Apps
DroidBot, a new Android banking malware discovered in December 2024, has been actively targeting over 77 banking and cryptocurrency apps, including prominent platforms like Binance, KuCoin, and Metamask. Since its emergence in June 2024, the malware has been marketed as a malware-as-a-service (MaaS) platform, with affiliates using customizable payloads to tailor attacks to specific targets. Operating primarily in the UK, Italy, France, Spain, and Portugal, DroidBot functions by masquerading as trusted apps such as Google Chrome and Android Security, tricking users into downloading it.
4. Payroll Pirates Phishing Targets Employees
A sophisticated phishing campaign, named "Payroll Pirates," is targeting employees at major organizations such as Kaiser Permanente, Macy's, and New York Life, aiming to manipulate payroll systems and redirect employee funds. The attackers exploit HR systems like Workday, using a multi-faceted approach that includes malicious search advertising, spoofed HR portals, and credential theft via personal information likely obtained from underground sources.
5. Pegasus Spyware Detected on Mobile Devices
Cybersecurity researchers from iVerify have uncovered a troubling rise in infections of the notorious Pegasus spyware, developed by the NSO Group. Through their newly launched Mobile Threat Hunting feature, iVerify detected multiple instances of the spyware on devices belonging to ordinary professionals and civilians, not just high-profile targets like journalists and activists. The investigation revealed a higher-than-expected infection rate, with 2.5 infections per 1,000 scanned devices, suggesting that Pegasus is more widely spread than previously believed.
Cyber Incidents
6. British BT Group Suffers Ransomware Attack
BT Group, the UK's leading telecom provider, confirmed a Black Basta ransomware attack on its BT Conferencing division, prompting the company to take certain servers offline. The breach allegedly resulted in the theft of 500GB of data, including confidential information and personal documents. While BT assured that live conferencing services remained unaffected, the ransomware gang published evidence on their dark web site, claiming to have stolen sensitive financial and organizational data.
7. Hiroshima Bank Faces Phishing Attacks
Hiroshima Bank has taken swift action in response to a series of phishing attacks that have led to unauthorized transfers totaling approximately 60 million yen (around $400,000). These attacks, which have been carried out through fraudulent SMS and email messages impersonating the bank, have raised significant concerns about the security of online banking systems. In an effort to prevent further fraud, the bank has announced that, starting December 6, 2024, it will reduce the transfer limits for inactive personal internet banking accounts.
8. Bob's Discount Furniture Suffers Data Breach
On September 25, 2024, Bob's Discount Furniture experienced a data breach that exposed sensitive customer information, including names, addresses, email addresses, phone numbers, and My Bob's credit card/account numbers. Upon discovering unauthorized access to a customer file, the company swiftly implemented response protocols, isolated the incident, and contacted law enforcement, cooperating with their ongoing investigation. To bolster security, Bob's Discount Furniture has introduced additional measures and is mailing replacement cards to affected customers with physical My Bob's Cards.
9. Iseki Hokkaido Hit by Ransomware Attack
Iseki Hokkaido, a subsidiary of Iseki & Co., Ltd., has confirmed a ransomware attack that resulted in the encryption of electronic data on several of its servers. The attack disrupted the company's internal systems, potentially affecting operations and customer services. While the company is working with cybersecurity experts to investigate the incident and assess the extent of the damage, it has yet to release further details about the attack's impact or the identity of the threat actors behind it. The company has reassured stakeholders that it is taking necessary steps to secure its systems and prevent future breaches.
10. New York Based Law Firm Hit With Data Breach
Brown, Gruttadaro, & Prato PLLC, a law firm based in Rochester, NY, has reported a data breach affecting 520 individuals, including one Maine resident. The breach, which occurred on January 24, 2024, was discovered on October 22, 2024, and resulted from an external system hack. The compromised data included personal identifiers. Affected individuals were notified via written notice on December 4, 2024, and offered identity theft protection services through IDX, a ZeroFox company, for 12 months.
Cyber News
11. ENISA Reports Rising Cyber Threats in the EU
ENISA, the EU's Cybersecurity Agency, recently released its first-ever "State of Cybersecurity in the Union" report, highlighting a substantial cyber threat level to European institutions between July 2023 and June 2024. The report reveals an escalation in cyber-attacks, with Denial-of-Service (DDoS) and ransomware attacks being the most common, targeting sectors like public administration, transport, and finance. The agency warns that severe disruptions to essential EU institutions are a realistic possibility, emphasizing the growing role of cyber espionage and disinformation, particularly from Russian and Chinese threat actors.
12. Senators Urge Probe Into DOD's Security
In response to recent concerns over communication security, U.S. Senators Eric Schmitt and Ron Wyden have called for an investigation into the Department of Defense's (DoD) failure to secure its communications. In a letter to the DoD Inspector General, the senators highlighted vulnerabilities in the Pentagon's unclassified voice, video, and text communications, which lack end-to-end encryption and leave the agency exposed to foreign espionage. They also pointed out that the DoD, despite being one of the largest buyers of wireless services in the U.S., has not used its purchasing power to ensure cybersecurity standards are met by wireless carriers.
13. Australia Grants $7M for Cyber Awareness
The Australian government has allocated almost $7 million in grants to enhance cybersecurity awareness among vulnerable communities. The funding, provided through the Cyber Security Awareness Support for Vulnerable Groups program, aims to improve cyber literacy for groups at higher risk of cybercrime and scams, such as First Nations communities, seniors, people with disabilities, and others. Over 200 recipients, including local community leaders, have been supported to deliver educational programs based on the government's Act Now, Stay Secure campaign.
14. NCA Disrupts Russian Crypto Money Laundering
The U.K. National Crime Agency (NCA) has successfully led an international operation to dismantle Russian money laundering networks, seizing £20 million ($25.4 million) in cash and cryptocurrency. The operation, codenamed "Operation Destabilise," resulted in the arrest of 84 suspects linked to two Russian-speaking networks, Smart and TGR. These networks were found to facilitate organized crime across the U.K., Middle East, Russia, and South America. In addition to the arrests, the U.S. Department of the Treasury sanctioned five individuals and four entities associated with the TGR Group for evading sanctions using digital assets.
15. Tuskira Raises $28.5M for AI Security Mesh
Tuskira, a cybersecurity startup, has raised $28.5 million in a Series A funding round led by Intel Capital to develop an AI-powered security mesh. The company aims to integrate over 150 fragmented security tools into a unified system, providing real-time data and automation to enhance threat defense. Tuskira's platform is designed to help enterprises automate critical security tasks across code, cloud environments, applications, and infrastructure.
Copyright © 2024 CyberMaterial. All Rights Reserved.