
ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

Digital Shadows Analyst Team
January 10, 2020 | 3 Min Read

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and opens the episode by bringing Sammy on to provide regional insight and context on the Iranian cyber threat, including whether a cyber response from Iran is likely.

Then Adam and Viktoria discuss the other top stories from the week, including a ransomware-related outage at Travelex, exposed Xiaomi Mijia camera data, and the bc[.]monster updates on the Exploit forum.


Iranian cyber response neither impossible nor guaranteed

Since the recent United States airstrike that killed Iranian General Qasem Soleimani, security researchers and media outlets have focused on the potential for an Iran-associated response. The geopolitical tension that already existed between the United States and Iran has at times resulted in offensive cyber activity, mostly destructive, disruptive, and/or espionage campaigns. A cyber response from Iran is an option, but given the nature and impact of the physical event it is not guaranteed. If one does occur, the Iranian threat actors’ capabilities, tool sophistication, and tactics, techniques, and procedures (TTPs), as well as the impact of a successful attack, would likely resemble those previously exhibited, although the motive and targeting may differ.

Another malicious Chrome extension aids cybercrime

A malicious Chrome browser extension has been observed stealing sensitive information, including login credentials and private keys from cryptocurrency wallets. The extension, named Shitcoin Wallet, is presented as a tool for managing cryptocurrency coins and tokens, but researchers report that it relays wallet private keys to a third-party website and injects malicious JavaScript into pages the user visits. An associated desktop application is also available, although it remains unconfirmed whether this is also malicious.


Travelex services taken offline after cyber incident

The foreign currency exchange service Travelex has suspended some of its online services after a suspected malware attack. The technical details of the attack remain unconfirmed, but the company’s United Kingdom website and some of its systems were taken offline as a precautionary measure, likely to stop the spread of malware. Customers were temporarily unable to use the service, although Travelex claims that no user data has yet been compromised.


Phishing emails drop newly detected DeathRansom

Security researchers have identified and are tracking a new ransomware strain named DeathRansom, which is being distributed via phishing email campaigns. The latest version uses a working encryption scheme and can detect the language configured on an infected machine. By extracting strings from DeathRansom samples, researchers have linked its author to wider credential-stealing campaigns and cryptocurrency-mining attacks.


For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 10 Jan 2020
