Michael Marriott, Dr Richard Gold and Simon Hall discuss our recent findings on threat actors using cracked versions of Cobalt Strike to conduct their attacks in this week’s ShadowTalk. Cobalt Strike is a powerful platform for performing offensive cyber operations, containing a wide variety of tools for conducting spear phishing and web drive-by attacks to gain initial access. While it’s used widely by security teams – including in Digital Shadows’ own internal Purple Team assessments – we’ve seen it being used for illegitimate purposes by threat actors as well. Listen to this week’s episode to find out how defenders can use this knowledge to inform their defense.
The United States-based cryptocurrency wallet “Copay” was recently subject to a highly targeted supply chain attack. An attacker initially used social engineering techniques to gain developer access to “event-stream,” an open-source code library that is widely used by organizations across the globe. By targeting the specific subset of Copay developers relying upon event-stream, the attacker injected malicious code that sought to intercept and steal data from Copay users when pushed to consumers. Although the specific amount of data stolen remains unreported, this attack exemplifies a possible trend of attackers targeting not only third-party suppliers but also open-source code repositories, on which many organizations rely.
The Chinese-state-associated threat group APT10 has reportedly intensified its targeting of Australian businesses for the purpose of corporate espionage. This activity likely indicates a broader trend of increased Chinese cyber espionage efforts worldwide; the United States recently accused China of conducting espionage operations. Such activity is likely to provoke a reaction from Western governments, which could include public attribution claims and indictments against Chinese nationals allegedly involved.
The Mirai botnet has targeted non–Internet-of-Things (IoT) devices, with attackers compromising Linux servers by abusing a recently disclosed Hadoop YARN vulnerability. This represents a shift in Mirai’s capabilities and an increase in its threat level. Such Linux servers can be valuable targets for attackers, particularly when used in datacenters with access to large amounts of data and bandwidth. The distribution and infection techniques are consistent with previous Mirai campaigns. Other botnet malware families have similarly shifted focus away from IoT devices; this trend is likely to continue.
The Ukrainian Computer Emergency Response Team (CERT) has released information on a new version of Pterodo, a custom backdoor malware developed by the Russian state and associated with the Gamaredon threat group. The backdoor has been updated to target systems localized to former Soviet Union countries and to generate unique command-and-control URLs for each infected device, allowing threat actors to determine which tools to use on a case-by-case basis. Given current heightened tensions between Russia and Ukraine following the Russian seizure of Ukrainian warships, it is realistically possible that the new variant of Pterodo could indicate an impending Russian cyber campaign.