ShadowTalk Update – 08.06.2018

Digital Shadows Analyst Team
August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and Oracle applications, the increase in publicly available exploits, and the threat actors we have observed targeting the sensitive data held within these applications. Download the full report, ERP Applications Under Fire, to learn more.



Kronos or Osiris: both gods spell trouble for banking customers

The once-prolific banking trojan Kronos has resurfaced in three active campaigns, each using different infection techniques and targeting different geographies. This revived activity coincides with an advertisement on criminal forums for a trojan called Osiris, which has similarities to Kronos and is referenced in one of the campaigns. This could indicate an attempt to rebrand the trojan. Read our recent blog on banking trojans to find out more.

Multi-tiered supply-chain attack identified

Unidentified threat actors successfully targeted “the supply-chain of a supply-chain” to distribute cryptocurrency miner malware. A software vendor hosting additional packages for a PDF editing application was compromised, effectively turning the app’s installer into a malware distributor. The campaign’s overall impact was low, as only a small number of users were affected. However, the attack method was sophisticated and highlights the increasing risk posed by supply-chain attacks: compromising one upstream component reaches every downstream product that bundles it.


Thedarkoverlord returns to target Florida healthcare facility

Extortion threat actor(s) thedarkoverlord posted a link on their Twitter account to a downloadable folder containing potentially sensitive healthcare information. The data had allegedly been sourced from a doctor in Florida, United States, and was likely published after a failed extortion attempt. This latest attack is consistent with thedarkoverlord’s previous targeting of the healthcare sector and use of sensitive data for extortion purposes, meaning such tactics may continue.


Middle East remains a target for cyber espionage activities

The threat group “DarkHydrus” targeted government entities in the Middle East with a custom PowerShell backdoor. The group sent spearphishing emails containing Excel Web Query files—plain-text files containing a URL that Excel automatically requests when the file is opened. The Necurs botnet recently abused this same file type in a campaign to deliver a remote access trojan. DarkHydrus has been active since early 2016 and originally abused legitimate open-source tools for malicious purposes; its custom backdoor “RogueRobin” was potentially pieced together from code in these tools.
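Because an Excel Web Query file is plain text, a mail gateway or endpoint rule can inspect the attachment content rather than relying on the .iqy extension. The following is an added example, not code from Digital Shadows, Onapsis or either campaign, and not derived from the DarkHydrus or Necurs samples: it parses the documented IQY layout (literal WEB header, version line, URL line, optional Key=Value lines) and applies a simple allow-list policy. The sample attachments, hostnames and allow-list are constructed placeholders.

```python
"""Gateway-side check for Excel Web Query (.iqy) attachments.

Assumed layout (the documented IQY format): line 1 is the literal "WEB",
line 2 the format version ("1"), line 3 the URL Excel requests when the
file is opened, and any later lines are optional Key=Value settings such
as Selection=AllTables.  The attachments below are constructed samples.
"""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse


@dataclass
class IqyFinding:
    is_iqy: bool                                  # content follows the IQY layout
    url: Optional[str] = None                     # URL Excel would fetch on open
    host: Optional[str] = None                    # hostname taken from that URL
    options: dict = field(default_factory=dict)   # trailing Key=Value lines
    reasons: list = field(default_factory=list)   # why an analyst should care


def parse_iqy(data: bytes) -> IqyFinding:
    """Parse attachment bytes by content; the file extension is never trusted."""
    # utf-8-sig drops a BOM if present; Excel writes CRLF, so normalise it.
    text = data.decode("utf-8-sig", errors="replace").replace("\r\n", "\n")
    lines = [ln.strip() for ln in text.split("\n")]
    while lines and lines[0] == "":
        lines.pop(0)
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return IqyFinding(is_iqy=False, reasons=["no WEB header: not an IQY"])

    url = lines[2]
    parsed = urlparse(url)
    finding = IqyFinding(is_iqy=True, url=url, host=parsed.hostname)
    finding.reasons.append("IQY makes Excel fetch a remote URL on open")
    if lines[1] != "1":
        finding.reasons.append(f"unusual version line {lines[1]!r}")
    if parsed.scheme not in ("http", "https"):
        finding.reasons.append(f"non-HTTP scheme {parsed.scheme!r}")
    if parsed.hostname is None:
        finding.reasons.append("URL has no hostname")
    # Remaining lines are Key=Value settings; keep them for the analyst.
    for ln in lines[3:]:
        if "=" in ln:
            key, _, value = ln.partition("=")
            finding.options[key.strip()] = value.strip()
    return finding


def should_quarantine(data: bytes, allowed_hosts: frozenset) -> bool:
    """Policy: quarantine any IQY whose target host is not explicitly allowed."""
    finding = parse_iqy(data)
    if not finding.is_iqy:
        return False
    return finding.host is None or finding.host.lower() not in allowed_hosts


# Constructed samples (placeholder hosts, not real campaign artefacts).
SAMPLE_EXTERNAL = (b"WEB\r\n1\r\nhttp://files.example.net/q.iqy\r\n"
                   b"Selection=AllTables\r\nFormatting=None\r\n")
SAMPLE_INTERNAL = b"\xef\xbb\xbfWEB\r\n1\r\nhttps://bi.corp.example/sales.iqy\r\n"
SAMPLE_PLAIN_TEXT = b"Quarterly figures attached, see spreadsheet.\r\n"

# Constructed allow-list of internal reporting hosts.
ALLOWED = frozenset({"bi.corp.example"})

if __name__ == "__main__":
    for name, blob in [("external", SAMPLE_EXTERNAL),
                       ("internal", SAMPLE_INTERNAL),
                       ("text", SAMPLE_PLAIN_TEXT)]:
        f = parse_iqy(blob)
        print(name, "iqy" if f.is_iqy else "not iqy", f.host,
              "quarantine" if should_quarantine(blob, ALLOWED) else "deliver")
```

Matching on the WEB header rather than the extension also catches the same content delivered under a renamed extension, and surfacing the URL and host gives the responder an indicator to block at the proxy.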



To stay up to date with the latest Digital Shadows threat intelligence and news, subscribe to our threat intelligence emails here.
