ShadowTalk Update – Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

Digital Shadows Analyst Team
August 24, 2020 | 3 Min Read

ShadowTalk hosts Viktoria, Adam, Dylan, and Stefano bring you the latest in threat intel. In this week’s episode they cover: 

  • The ever-popular Emotet – does this dangerous malware have a vaccine? Adam and the team discuss how researchers found a cure.
  • What is the Drovorub malware and what is it trying to achieve?
  • Takeaways from the U.S. Army’s report on North Korean tactics – what do we know about North Korea’s cyber activity and Bureau 121?


Corporate espionage group stole sensitive data for over three years

On 13 Aug 2020, security researchers reported that, beginning in 2018, the Russian-speaking threat group “RedCurl” had conducted 26 campaigns against 14 organizations worldwide, in multiple sectors. RedCurl specializes in corporate espionage, using spearphishing to gain initial access to a network, posing as a member of the human resources department and targeting multiple employees at once. RedCurl has remained undetected in infected networks for up to six months, allowing it to collect vast quantities of sensitive data, uninterrupted. 

APT group attacks Linux operating systems with Drovorub malware

On 13 Aug 2020, the US FBI and National Security Agency released a joint cyber-security advisory, disclosing technical details about the “Drovorub” malware. The malware has been used by a Russian nation-state advanced persistent threat (APT) group to target Linux operating systems. Drovorub attempts to plant backdoors in compromised networks, which enables direct communication with the group’s command-and-control (C2) infrastructure. The malware has a wide range of capabilities, such as stealing files and remotely controlling a victim’s device. Drovorub avoids detection by using advanced rootkit technologies, which could allow attackers to implant the malware in many targets and conduct attacks at any time.

Researchers exploit bug in Emotet to stymie infections

On 14 Aug 2020, security researchers reported that a bug in the “Emotet” malware was being used to prevent new infections. The flaw lay in Emotet’s persistence mechanism, the code that created a new Windows registry key. “EmoCrash”, a PowerShell script created by the researchers, exploited that registry key to crash Emotet, preventing infected machines from communicating with Emotet’s C2 server. The script reportedly reduced the number of infected bots available to Emotet; however, on 06 Aug 2020 Emotet updated its persistence mechanism, rendering the script ineffective.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 21 August 2020
