
ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

Digital Shadows Analyst Team
June 22, 2020 | 2 Min Read

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week.

This week they cover:

  • Honda cyber attack
  • LookBack, FlowCloud similarities point to a single perpetrator of utility attacks
  • Delivery of malware through cloud storage

Listen to this week’s episode now: ShadowTalk Threat Intelligence Podcast, WEEKLY: Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack.

Gamaredon expands Outlook by claiming victims from contacts list

The likely Russia-associated “Gamaredon” threat group has been observed conducting new attack campaigns that use Visual Basic for Applications (VBA) macros to spread malware to a victim’s contacts found in Microsoft Outlook. Researchers believe this is the first documented case of such macros being used to spread malware, which has likely indirectly affected individuals who are listed as a target’s contacts. Gamaredon has been active since emerging in 2013 and has a variety of tools at its disposal.

WhatsApp details exposed on indexed Google pages

A security researcher has discovered and disclosed a privacy issue in the web portal of the popular messaging platform WhatsApp. Using advanced search techniques (Google dorking), the researcher identified users’ phone numbers in plaintext hosted on indexed Google pages. Google dork search queries could be used to identify the phone numbers, as well as the profile images, of WhatsApp account users. Approximately 400,000 numbers have since been removed from the indexed pages.

Threat actors exploit SMBGhost vulnerability

The United States Cybersecurity and Infrastructure Security Agency (CISA) has warned of attacks targeting unpatched systems that are vulnerable to CVE-2020-0796, a flaw in Server Message Block 3.0 (SMBv3) referred to as SMBGhost. This came after the public release of a new proof of concept (PoC) achieving remote code execution (RCE). Threat actors are likely to use the techniques detailed in the PoC to launch RCE attacks against unpatched systems. A patch for CVE-2020-0796 was released in March 2020.
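The practical question for a defender reading the item above is whether a given host is still in the exposed population. The following PowerShell script is an added example, not part of the Digital Shadows post, that reports the facts needed to answer that locally and read-only: the OS build (CVE-2020-0796 affected the Windows 10 and Windows Server 1903 and 1909 lines, builds 18362 and 18363), whether Microsoft's published interim workaround of disabling SMBv3 compression is in place, and whether port 445 is listening at all. The affected-build list and the registry location of the workaround are assumptions taken from Microsoft's advisory for this CVE, not from the post.

```powershell
# Added example: local SMBGhost (CVE-2020-0796) exposure check for one Windows host.
# Read-only; it changes nothing. Run in an elevated PowerShell session.
# Assumptions (from Microsoft's advisory for this CVE, not from the post above):
#   - affected version lines are Windows 10 / Server 1903 and 1909 (builds 18362, 18363)
#   - the interim workaround is DisableCompression = 1 under LanmanServer\Parameters

$lanmanParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$affectedBuilds = 18362, 18363

$build = [System.Environment]::OSVersion.Version.Build
# UBR (update build revision) tells you which cumulative update level the host is on,
# which is what you compare against the March 2020 fix when deciding if it is patched.
$ubr   = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

$report = [ordered]@{
    FullBuild             = "$build.$ubr"
    InAffectedVersionLine = ($affectedBuilds -contains $build)
    CompressionDisabled   = $false
    Smb445Listening       = $false
    Verdict               = ''
}

# Workaround check: the value is only present if someone set it.
$dc = Get-ItemProperty -Path $lanmanParams -Name DisableCompression -ErrorAction SilentlyContinue
if ($dc -and $dc.DisableCompression -eq 1) { $report.CompressionDisabled = $true }

# Exposure check: no SMB listener on 445 means no remote reach to the vulnerable code path.
$listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report.Smb445Listening = [bool]$listener

if (-not $report.InAffectedVersionLine) {
    $report.Verdict = 'Not in an affected version line.'
} elseif ($report.CompressionDisabled) {
    $report.Verdict = 'Affected line, but compression workaround is applied; still confirm the March 2020 update is installed.'
} elseif (-not $report.Smb445Listening) {
    $report.Verdict = 'Affected line, SMB not listening; confirm the March 2020 update before re-enabling SMB.'
} else {
    $report.Verdict = 'Affected line, SMB listening, no workaround: verify the March 2020 update level (UBR) now.'
}

[pscustomobject]$report
```

The script deliberately does not try to decide "patched or not" from the hotfix list alone, because `Get-HotFix` only shows that some update was installed; the UBR it prints is what you compare against the build number that the March 2020 cumulative update delivers for that version line. Across a fleet, run it through your existing remote execution tooling and collect the `Verdict` field.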

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 19 June 2020