ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

Digital Shadows Analyst Team
June 22, 2020 | 2 Min Read

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week.

This week they cover:

  • Honda cyber attack
  • LookBack, FlowCloud similarities point to a single perpetrator of utility attacks
  • Delivery of malware through cloud storage


Gamaredon expands Outlook by claiming victims from contacts list

The likely Russia-associated “Gamaredon” threat group has been observed conducting new attack campaigns that use Visual Basic for Applications (VBA) macros to spread malware to a victim’s contacts found in Microsoft Outlook. Researchers believe this is the first documented case of such macros being used to spread malware, which has likely indirectly affected individuals who are listed as a target’s contacts. Gamaredon has been active since emerging in 2013 and has a variety of tools at its disposal.

WhatsApp details exposed on indexed Google pages

A security researcher has discovered and disclosed a privacy issue in the web portal of the popular messaging platform WhatsApp. Using advanced search techniques (Google dorking), the researcher identified users’ phone numbers in plaintext hosted on indexed Google pages. Google dork search queries could be used to identify the phone numbers, as well as the profile images, of WhatsApp account users. Approximately 400,000 numbers have since been removed from the indexed pages.

Threat actors exploit SMBGhost vulnerability

The United States Cybersecurity and Infrastructure Security Agency (CISA) has warned of attacks targeting unpatched systems that are vulnerable to CVE-2020-0796, a flaw in Server Message Block 3.0 (SMBv3) referred to as SMBGhost. This came after the public release of a new proof of concept (PoC) achieving remote code execution (RCE). Threat actors are likely to use the techniques detailed in the PoC to launch RCE attacks against unpatched systems. A patch for CVE-2020-0796 was released in March 2020.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 19 June 2020
