ShadowTalk Update – 2.11.19

Digital Shadows Analyst Team
February 8, 2019 | 3 Min Read

Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” malware. They also look at a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques. Read the full intelligence summary here.

Highlights from the week include: a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques.

UAE compromises iPhones through Karma spyware

The UAE’s intelligence services reportedly used spyware known as Karma to compromise the Apple iPhones of “hundreds” of domestic and foreign individuals. Contractors, including Emirati security officials and former United States intelligence operatives, employed Karma to target activists, diplomats and government officials, according to the Reuters news agency. There have now been numerous controversial incidents involving the sale and use of spyware, indicating a broader trend. This highlights how commercially available tools can enable state-associated threat actors to develop their capability and grow as a threat.

Spam campaign hits US email users with Trickbot banking trojan

A spam campaign distributing the Trickbot banking trojan was identified targeting users in the United States. Phishing emails impersonated an investment banking company or other organizations to increase their perceived legitimacy. The messages contained a malicious attachment that triggered the trojan infection process when opened by a recipient. Reporting suggested that the campaign could have extended beyond the United States, and more attacks using Trickbot are likely in the next three to six months.

Vietnamese threat group OceanLotus releases custom downloader

The Vietnamese threat group OceanLotus has deployed a new custom downloader that includes new anti-detection techniques in a recently observed cyber attack campaign. The code for the “KerrDown” malware was hidden in a lure document, very likely to bypass security platforms capable of identifying malicious binaries. OceanLotus continues to be highly active and has steadily developed its tactics and tools. Although this recent campaign appears to have targeted Vietnamese-speaking entities, the group has previously targeted foreign entities and it is possible that the same tactics will be deployed against other targets in the next six months.

New DDoS attack campaign four times more powerful than previous

A distributed denial of service attack, reportedly four times more powerful than the one reported against GitHub in 2018, was recently observed by security researchers. The attack used two older techniques, known as “SYN flood” and “large SYN flood”, simultaneously to direct 500 million packets per second against an unspecified target. This type of attack is reportedly harder to mitigate because of the volume of packets sent. In this case, the victim was able to negate the attack’s impact, but other organizations that lack DDoS protection services would almost certainly have suffered significant disruption. The exact motive of the attackers is unconfirmed, but DDoS attacks are typically used to cause disruption (although they can also serve as a distraction from other malicious activity).


For more details, read the full Weekly Intelligence Summary here:
Weekly Intelligence Summary 31 Jan - 07 Feb 2019

To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.
