ShadowTalk Update – 09.10.2018
Digital Shadows Analyst Team
September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint against an individual working for Chosun Expo, an alleged front for the North Korean state. The individual is accused of involvement in a host of campaigns, including attacks against Sony Pictures Entertainment, banks, defense contractors, and the many victims of the WannaCry ransomware variant. We discuss the most interesting revelations, outlining the different techniques used, and what this all means for organizations.

Simplistic Asacub takes top spot among mobile banking trojans

The Asacub banking trojan has emerged as the most active banking trojan of the past 12 months, surpassing other prolific variants including “Svpeng” and “Faketoken”. Its capabilities and distribution tactics are relatively simplistic, relying on social engineering to target users in Russia, the United States, Germany and former Soviet nations.

Ties alleged between APT10 and China’s security ministry

Individual members of the threat group APT10 (aka STONE PANDA) have allegedly been identified and associated with a department of China’s Ministry of State Security. Although the allegations do not cover all relevant details, the bloggers who released the incriminating information have previously provided valid information about another Chinese nation-state affiliated group. If accurate, the revelations represent a significant security breach regarding the threat group’s operations; an adjustment to, or cessation of, APT10 activity is a likely response.

MagentoCore script steals payment card data from e-commerce sites

A malicious script dubbed MagentoCore has been detected targeting e-commerce websites using the Magento payment platform to steal customers’ payment card information. The attackers responsible have successfully infected more than 7,300 individual shops to date, and are actively targeting 50-plus additional shops per day. The attacks demonstrate the same tactics as another financially motivated campaign conducted by the threat group “MageCart”, which has been active since 2015. That campaign and the MagentoCore attacks are likely operated by the same threat actors.

New Fallout exploit kit shows potential for popularity

Researchers at cyber-security company Nao Sec identified a new exploit kit, “Fallout”, which is closely related to the “Nuclear Pack” exploit kit. Fallout was observed on 29 Aug 2018 targeting the vulnerabilities CVE-2018-4878 and CVE-2018-8174. The exploit kit is customizable and will probably become a popular tool for threat actors due to its remote capabilities; there are no reports of Fallout having been used in a malicious attack to date.
To stay up to date with the latest Digital Shadows threat intelligence and news, subscribe to our threat intelligence emails here.