
ShadowTalk Update – 11.19.2018
Digital Shadows Analyst Team
November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week detailing how Italian authorities tried and ultimately failed to identify and convict the vigilante hacker, Phineas Fisher, best known for the infamous breach against the Italian surveillance and technology company, Hacking Team. Dr. Richard Gold and Harrison Van Riper join Rafael Amado in this week’s edition of ShadowTalk. The team discuss the history of Phineas Fisher, the techniques used to break into the Hacking Team network, and the operational security (OPSEC) practices that allowed Phineas Fisher to remain at large.
New nation-state threat actor uses advanced TTPs to target Pakistan

A newly-observed cyber espionage threat group dubbed The White Company has reportedly been conducting an ongoing campaign called Operation Shaheen against Pakistan’s government and military entities. The campaign used complex obfuscation techniques and incorporated active antivirus detection avoidance measures. Due to the campaign’s technical complexities and apparent goals, the group is likely nation-state–sponsored, though concrete attribution is unknown at the time of writing.
Lazarus Group’s FASTCash malware operations detailed

Security researchers published new details of the TTPs employed in the Lazarus Group malware operation dubbed FASTCash. Using an unknown method, the group first compromised an application server that handles the ATM transaction process and then installed the FASTCash malware, which monitors all monetary withdrawal requests. Once installed, the malware intercepts requests from Lazarus Group operators and issues fake approval commands, distributing money at the ATM. The threat from the FASTCash campaign is assessed to be high because of the campaign’s widespread nature (the malware has affected over 30 countries to date) and the resultant direct financial loss.
Cryptojacking campaign targets Canadian university

An unidentified threat actor targeted a Canadian university in a cryptojacking attack that abused the university’s computational resources to mine Bitcoin. Xavier University disabled its entire network and reset all user passwords in response to the attack. Universities are lucrative targets for cryptojacking campaigns because they combine significant computational resources with relatively low levels of cyber security maturity compared to other similarly sized organizations.