Shadow Talk Update – 05.14.2018

Shadow Talk Update – 05.14.2018
Digital Shadows Analyst Team
Read More From Digital Shadows Analyst Team
May 14, 2018 | 3 Min Read

In this week’s episode Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and basestriker. And, finally, we outline the fall out surrounding the Olympus dark web marketplace.

 

Chinese state-associated threat actors linked under one umbrella

Individual threat groups and actors conducting politically motivated operations have been identified as working in one Chinese state-associated collective, known as the Winnti umbrella group. Identification of this group was made possible by operational security mistakes made by some of the actors and groups, which revealed overlapping command-and-control (C2) infrastructure used in operations previously seen as unrelated. One favored tactic among the attackers was the theft of code-signing certificates from software companies, which were then used in later attacks to obfuscate malicious components. The collective demonstrated varying technical capabilities but were persistent in their approach, and should be considered a highly credible threat.

 

Patch delay leaves Intel CPUs vulnerable to exploitation

Technology company Intel has delayed the release of security patches designed to address newly identified flaws affecting their CPUs. The delay means the vulnerabilities may be publicly disclosed before patches are made available. These “Spectre-NG” vulnerabilities relate to previous “Spectre and “Meltdown vulnerabilities, and could be exploited by attackers to secure control of a compromised system. The initial patches were due to be released on 21 May 2018, with additional patches to be released in August 2018.

 

Cryptocurrency miners target multiple exploits

A new cryptocurrency mining campaign is targeting three exploits to distribute a variant of mining malware. The vulnerabilities affected the Oracle WebLogic Server, Apache Struts 2 and the Server Message Block v1 server in the Microsoft Windows operating system. The third flaw is known as “ETERNALBLUE”, an exploit previously assessed to have been developed by the United States National Security Agency and publicly released by the “Shadow Brokers threat group in April 2017. Patches are available for all the vulnerabilities.

 

Zero-day exploitation of CVE-2018-8174 attributed to DarkHotel group

Security company Qihoo360 reported that espionage group DarkHotel (aka APT-C-06) has exploited a zero-day vulnerability to target China-based foreign trade entities. The patch for the flaw was released by Microsoft on 08 May 2018, and is the first observed use of the URL Moniker programming architecture to load an Internet Explorer exploit. The flaw enables an attacker to render a webpage using the Internet Explorer engine, even if Internet Explorer is not set as the default browser on the device.

 

Subscribe to our weekly newsletter to get the latest podcast and other research by Digital Shadows.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard...
ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk...
Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

July 29, 2020 | 10 Min Read

Back in February, Digital Shadows published...