
ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

Digital Shadows Analyst Team
May 11, 2020 | 2 Min Read

This week Alex chats with Kacey, Charles, and Rick about the competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data.

And finally… our thoughts on Elon Musk’s new baby’s name.

Lucy ransomware impersonates FBI to exploit Android users

The “Lucy” malware-as-a-service (MaaS) botnet and dropper has reportedly been updated with ransomware capabilities in a new attack campaign against Android mobile-device users. The malware was purportedly spread via malicious links on social media platforms. After tricking Android users who visited the platforms into granting permissions, the malware encrypted all data on the victims’ Android devices. Lucy used a ransom note that impersonated the United States Federal Bureau of Investigation and demanded that victims pay via credit card, probably so the threat actors could also gain access to victims’ credit-card details.


Cisco offers patch for high-severity router software flaw

A patch was released for a high-severity security flaw affecting Cisco’s IOS XE software used by SD-WAN routers. Described as an insufficient input validation flaw, the vulnerability could allow attackers to execute arbitrary code and abuse root privileges on target systems. No attacks exploiting the vulnerability have been reported, but users are being advised to apply the patch.


SaltStack vulnerability leads to attacks on Ghost blogging platform

The open-source blogging platform Ghost was reportedly compromised in attacks that followed a threat actor exploiting a vulnerability in the SaltStack software (CVE-2020-11651). Attackers attempted to use Ghost’s infrastructure to mine cryptocurrency with cryptocurrency-mining malware. The attack campaign was discovered on 03 May 2020, just two days after the vulnerability in SaltStack was disclosed. Reporting suggested that no user data was compromised.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 08 May 2020
