ShadowTalk Update – 10.15.2018
October 15, 2018
In ShadowTalk this week, Digital Shadows’ CISO Rick Holland, Richard Gold and Simon Hall join Rafael Amado to discuss the Hidden Cobra FASTCash ATM campaign. The team also look over the Five Eyes joint report into publicly available hacking tools, and debate whether companies that use managed service providers (MSPs) are at greater risk of attack.
China said to have tampered with hardware for espionage
The Chinese government has been blamed for compromising Supermicro hardware to conduct cyber espionage in the United States. Media reports alleged that the hardware was altered in Chinese factories during the manufacturing process, although the story has been strongly disputed. Although there is currently no evidence of a wider campaign, hardware implants and supply chains are very effective attack vectors and will highly likely continue to be targeted during the next year.
Sales intel firm Apollo exposed 200 million-plus records
Sales intelligence firm Apollo experienced a data breach that exposed more than 200 million records with details of individuals and entities. The firm aggregates information from a variety of public sources (including social media) in a database that is used to identify individuals and demographics for advertising. The information was reportedly accessed by external threat actors, whose identities and motives are unknown at this time. Organizations can check whether their data was exposed through the HaveIBeenPwned database. The stolen database will most likely be used for social engineering and spearphishing campaigns.
US, UK, Netherlands call out GRU hacking activity
Several Western states have attributed hacking activity to the GRU, the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation. The United States Department of Justice unsealed a court filing accusing seven GRU agents of involvement in hacking, influence and disinformation operations between December 2014 and May 2018, which mostly targeted sports and anti-doping institutions. The United Kingdom’s National Cyber Security Centre also published details on the attribution of several Russian cyber attack operations, and the Netherlands accused the GRU of targeting the world’s chemical weapons watchdog, the Organisation for the Prohibition of Chemical Weapons.
FruityArmor APT group blamed for zero-day attacks in Middle East
Cyber security researchers have claimed that the APT group FruityArmor exploited a zero-day vulnerability in targeted attacks against unknown entities in the Middle East. The attacks, first observed in August 2018, were intended to secure privileges on compromised devices. Microsoft has released a patch to address the vulnerability, but future attacks are likely.
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.