ShadowTalk Update – 06.25.2018

Digital Shadows Analyst Team
June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and Richard Gold join Michael Marriott to discuss the merits and perils of attribution, including the number of characteristics and variables required for a strong attribution, instances where attribution has succeeded, and whether organizations should care.


In the spotlight: TG-3390 deemed responsible for watering hole attacks

A national data center in Mongolia was reportedly compromised by the Chinese state-linked threat group TG-3390 (aka Emissary Panda, APT27, LuckyMouse) and used to conduct watering hole attacks. Legitimate websites were compromised to infect their visitors' machines with the "HyperBro" trojan. The group obfuscated the payload with a launcher and decompressor taken from the open-source Metasploit penetration-testing framework. Because these Metasploit components are freely available to anyone, their presence says little about attribution on its own; the link to TG-3390 rests on the group's known infrastructure and tooling rather than on the borrowed packer.


Olympic Destroyer threat group switches target sectors

The Olympic Destroyer threat group, linked to the February 2018 attacks on entities associated with the 2018 Winter Olympic Games, has changed its focus. Recent information-gathering attacks were observed against financial institutions in Russia and biological and chemical threat-prevention laboratories in Europe. Reporting did not specify which organizations have been targeted to date. The group's true intentions and motives are unknown; reconnaissance is typically an early stage of an operation, so additional attacks attributed to Olympic Destroyer will likely be observed in the short term (next three months).


Financial services provider extorted following data breach

South Africa-based financial services provider Liberty Life suffered a data breach and an extortion attempt by an unidentified threat actor. The company confirmed that an individual had requested payment after alerting it to vulnerabilities affecting its systems. Liberty Life subsequently detected unauthorized access to its IT infrastructure and the theft of sensitive information. The incident illustrates a recurring pattern: a financially motivated actor reports flaws and demands a reward, then exploits those flaws when payment is not forthcoming. Liberty Life has publicly stated it has no intention of meeting the payment demands.


PoC code released for Adobe Acrobat vulnerability

PoC code for CVE-2018-4990, a remote code execution vulnerability in Adobe Acrobat and Reader, was published to GitHub on 18 Jun 2018. The flaw was first reported as exploited in the wild in March 2018, where it was chained with a Microsoft Windows privilege escalation vulnerability (CVE-2018-8120). Used together, the Acrobat flaw gives the attacker code execution inside the Reader sandbox and the Windows flaw escalates privileges to escape it, providing a full initial foothold on the host. Both vendors released patches in May 2018, so the risk is concentrated on systems that have not applied those updates; confirming that Acrobat/Reader and Windows are current is the practical mitigation. The publication of the PoC code is highly likely to encourage its adoption by threat actors with varying motives in the immediate future (next few days or weeks).
