Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin.
Top stories this week include:
– NCSC advising consumers on security precautions around smart cameras and baby monitors
– Banking Trojan steals Google Authenticator app codes
– Ransomware Attack on Epiq Legal Services
– Tesco Clubcard fraud warning
– Boots Advantage Card hit by cyber attack
Cloud Snooper bypasses firewall rules to control cloud servers
A new malware variant, “Cloud Snooper”, implements a unique combination of practices to evade detection and communicate with its C2 server by bypassing firewall rules. Cloud Snooper was observed using a kernel-level rootkit and a backdoor, which enabled attackers to gain access to, and remotely control, cloud computing servers. Based on the sophistication of the malware, it is realistically possible that it was developed by nation-state–linked operators. Cloud Snooper will likely be deployed again in the mid-term future, to gain access to servers and steal potentially sensitive data.
TrickBot gains ActiveX control, incites macro activation
Karkoff malware linked to espionage attacks on Lebanese government
Cyber-security researchers identified a new sample of the “Karkoff” malware, linked to the Iranian state-associated threat actor “APT34”, that targeted a Microsoft Exchange Server belonging to a Lebanese government entity. APT34 has been highly active in 2020 and predominantly targets the Middle East and the United States. Security researchers have suggested that Iranian threat actors may have increased their targeting of the United States following the killing of Iranian General Qasem Soleimani. Iranian threat actors will likely continue to target United States-based organizations, although this incident shows that they remain active in the Middle East.
For more details, read the full Weekly Intelligence Summary