ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarketNovember 25, 2019
Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around Phineas Fisher, where the hacker offered up to $100k in what they called the “Hacktivist Bug Hunting Program”. The team also chats through a recent ransomware attack on Veterinary hospitals in the U.S., and some other ransomware updates.
Then Viktoria and Adam touch upon some research from our own threat intelligence team (Photon Research), specifically around the dark web, including research into Black Friday deals on the dark web, and a look at DarkMarket.
Listen below 👇👇👇
Updates from this week’s Intelligence Summary
- In the spotlight this week: Digital Shadows reviewed nation-state–linked advanced persistent threat (APT) activity in 2019, and highlighted several trends. Some are likely to continue into 2020, and will be supplemented by new challenges as APT groups take advantage of new opportunities.
- Weekly highlights include: The threat actor “TA2101” impersonated government entities to deliver malware in the United States and Europe, hacker “Phineas Fisher” offered USD 100,000 to other hackers willing to conduct politically motivated data thefts, and a banking trojan dubbed Mispadu cropped up in a malvertising campaign to steal payment-card and banking-related information.
APT trends in 2019 foreshadow 2020 challenges
Digital Shadows analysts have discerned several trends in cyber-threat attacks and campaigns that were observed during 2019 and attributed to state-associated APT groups. They include the persistent targeting of governments and government-linked agencies for strategic information, the growing popularity of supply-chain attacks, the development of new tools, and the emergence of new groups. These trends are unlikely to disappear, and over the next 12 months we will probably see significant opportunities for APT groups to exploit new attack surfaces and target prominent events, as they continue to develop existing TTPs.
TA2101 impersonates government bodies to drop malware
Security researchers discovered attack campaigns by a threat actor known as TA2101, targeting German companies and organizations. TA2101 sent phishing email messages spoofing the German Federal Ministry of Finance. Other organizations based in Italy and the United States were also targeted, using emails spoofing the Italian Revenue Agency and the United States Postal Service, respectively. The messages contained malicious attachments that ultimately resulted in the download of such payloads as the ransomware “Maze” and banking trojan “IcedID”.
Hacker offers USD 100,000 bounty for “public interest” data-theft attacks
A hacker known as Phineas Fisher offered other hackers up to USD 100,000 in cryptocurrency to carry out attacks on companies as part of the Hacktivist Bug Hunting Program. The program rewards hackers who conduct attacks on companies that could lead to the disclosure of corporate documents of perceived interest to the public. Some examples of proposed targets include mining and livestock companies in South America, the Israeli spyware vendor NSO Group, and the oil company Halliburton.
Malvertisements send out Mispadu trojan to gather payment details
Security researchers have identified a banking trojan, known as Mispadu, that is delivered through malvertising to ultimately steal payment-card data and online banking information. Mispadu is distributed through emails and sponsored advertisements on Facebook that offer fake discount coupons for McDonald’s. Mispadu has reportedly predominantly targeted countries in Latin America, such as Brazil and Mexico. This operation seems to be targeting the general public.
For more details, read the full Weekly Intelligence Summary here: