ShadowTalk Update – 07.16.2018

Digital Shadows Analyst Team
July 16, 2018 | 2 Min Read

In this week’s ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized criminal group. The Carbanak malware is a backdoor used by the Anunak (Carbanak) Group to infiltrate financial institutions and steal funds. Richard Gold and Simon Hall join Rafael Amado to discuss the implications for financial services from these revelations. We ask whether this leak represents a threat to organizations, and how businesses can best defend themselves from the techniques used by sophisticated financial criminal groups such as Carbanak. Listen to the latest podcast or read our blog to find out more. 
Middle Eastern entities continue to attract cyber attacks

Two APT phishing campaigns have recently targeted Middle Eastern institutions. The Iranian APT group “Charming Kitten” has been linked to a phishing campaign that used a spoofed version of the website of the Israeli cyber-security company ClearSky. Charming Kitten used the spoofed site to host login fields that harvested credentials, but the site was taken offline within three hours of its creation. Also during the past week, an APT spearphishing campaign targeted the Palestinian National Authority along with other Middle Eastern entities. The malicious emails carried a decoy document together with a malicious executable file. That campaign has not been attributed to a specific group, but it bears several similarities to the work of the cyber-espionage group “Gaza Cybergang”. Given the political climate in the Middle East, comparable activity will likely continue over the medium to long term (from three months to at least a year).


Ransomware adopts cryptocurrency miner as alternative payload

A new variant of the Rakhni ransomware was reported on 05 Jul 2018 by the cyber-security company Kaspersky. Rakhni, first identified in 2013, uses emails carrying weaponized documents to trick victims into launching a malicious executable. The new variant, however, also profiles the infected system: it checks for the presence of a Bitcoin folder and counts the machine’s logical processors. Depending on the result, the malware either encrypts files and demands a ransom, installs a cryptocurrency miner, or deploys a worm component to spread to additional devices. Bolting a cryptocurrency-mining payload onto a traditionally ransomware-focused family shows that threat actors continue to target cryptocurrencies, finding the method profitable and effective.

