ShadowTalk Update – 11.19.2018
November 19, 2018
Leaked court documents surfaced this week detailing how Italian authorities tried and ultimately failed to identify and convict the vigilante hacker, Phineas Fisher, best known for the infamous breach against the Italian surveillance and technology company, Hacking Team. Dr. Richard Gold and Harrison Van Riper join Rafael Amado in this week’s edition of ShadowTalk. The team discuss the history of Phineas Fisher, the techniques used to break into the Hacking Team network, and the operational security (OPSEC) practices that allowed Phineas Fisher to remain at large.
New nation-state threat actor uses advanced TTPs to target Pakistan
A newly-observed cyber espionage threat group dubbed The White Company has reportedly been conducting an ongoing campaign called Operation Shaheen against Pakistan’s government and military entities. The campaign used complex obfuscation techniques and incorporated active antivirus detection avoidance measures. Due to the campaign’s technical complexities and apparent goals, the group is likely nation-state–sponsored, though concrete attribution is unknown at the time of writing.
Lazarus Group’s FASTCash malware operations detailed
Security researchers published new details of the TTPs employed in the Lazarus Group malware operation dubbed FASTCash. Using an unknown method, the group first compromised an application server that handles the ATM transaction process and then installed the FASTCash malware, which monitors all monetary withdrawal requests. Once installed, the malware intercepts requests from Lazarus Group operators and issues fake approval commands, distributing money at the ATM. The threat from the FASTCash campaign is assessed to be high because of the campaign’s widespread nature (the malware has affected over 30 countries to date) and the resultant direct financial loss.
Cryptojacking campaign targets Canadian university
An unidentified threat actor targeted a Canadian university in a cryptojacking attack that abused the university’s computational resources to mine Bitcoin. Xavier University disabled their entire network and reset all user passwords in response to the attack. Universities are lucrative targets for cryptojacking campaigns due to their significant computational resources and relatively low levels of cyber security maturity (when compared to other similarly-sized organizations).