
ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

Digital Shadows Analyst Team
September 14, 2020 | 2 Min Read

This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover:

  • Visa issues a warning about new credit card skimmer “Baka”
  • Epic Manchego – Atypical malicious document delivery
  • What is Smaug and how does it operate?
  • Emotet – are there new developments and why did France send an advisory?


ShadowTalk Threat Intelligence Podcast · Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

Evilnum unleashes new Python-based PyVil RAT

Researchers reported a new Python-based RAT, “PyVil”, being deployed by the “Evilnum” threat group in highly targeted operations against FinTech companies. The RAT supports keylogging, dropping and running executables, downloading additional Python scripts, executing “cmd” commands, and opening Secure Shell (SSH) sessions. PyVil has been delivered through spearphishing against FinTech companies across the UK and the European Union, with Know Your Customer (KYC) regulations used as the lure in the messages.

France, New Zealand, Japan warn of increase in Emotet attacks

Cyber-security agencies in France, New Zealand, and Japan have published security alerts highlighting an increase in attacks delivering the “Emotet” banking trojan. The alerts concern malspam campaigns sent from Emotet infrastructure to private-sector companies and government agencies in the three countries. Recipients are directed to open malicious Microsoft Word documents or password-protected ZIP files containing the Emotet malware; the password protection exists to stop mail gateways from inspecting the archive contents. Researchers observed less activity in France than in New Zealand and Japan, although the campaign still caused numerous infections in the network of the Paris court system, prompting French officials to declare a state of emergency.
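The password-protected ZIP lure above is something a mail gateway can flag before anyone opens it: the ZIP local file header carries a general-purpose flag whose bit 0 marks an encrypted entry, and that bit is readable without the password. The following is an added example written for this summary, not code from Digital Shadows or from any of the cited agencies. It walks the local file headers of an archive, flags encrypted entries and entries with Office document names, and runs over two constructed sample archives; the sample builder sets only the encryption flag bit (a real encrypted entry would also carry a 12-byte encryption header and ciphertext), and the Office extension list, the `Entry` record and the `suspicious()` policy are assumptions for illustration, not a published detection rule.

```python
"""Attachment triage: flag ZIP archives with password-protected entries or
Office-document names by parsing the local file headers directly.
Added example; sample archives below are constructed, not captured."""
import struct
import zlib
from dataclasses import dataclass

LOCAL_HEADER_SIG = b"PK\x03\x04"
# signature, version needed, flags, method, mod time, mod date,
# crc32, compressed size, uncompressed size, name length, extra length
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes
FLAG_ENCRYPTED = 0x0001        # bit 0: entry is password-protected
FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: sizes follow the data, not the header
OFFICE_EXTS = (".doc", ".docm", ".dotm", ".xls", ".xlsm")  # assumed watch-list


@dataclass
class Entry:
    name: str
    encrypted: bool
    office_doc: bool


def scan_local_headers(blob: bytes) -> list[Entry]:
    """Walk local file headers in order and record the encryption flag and
    name of each entry. Stops at the first position that is not a local
    header (normally the central directory) or at an entry whose size is
    only known from a trailing data descriptor, since that cannot be
    skipped safely without the central directory."""
    entries: list[Entry] = []
    pos = 0
    while blob.startswith(LOCAL_HEADER_SIG, pos):
        (_sig, _ver, flags, _method, _mtime, _mdate, _crc,
         csize, _usize, name_len, extra_len) = struct.unpack_from(
            LOCAL_HEADER_FMT, blob, pos)
        name_start = pos + LOCAL_HEADER_LEN
        name = blob[name_start:name_start + name_len].decode("cp437", errors="replace")
        entries.append(Entry(
            name=name,
            encrypted=bool(flags & FLAG_ENCRYPTED),
            office_doc=name.lower().endswith(OFFICE_EXTS),
        ))
        if flags & FLAG_DATA_DESCRIPTOR:
            break  # compressed size in header is 0; cannot locate next entry
        pos = name_start + name_len + extra_len + csize
    return entries


def suspicious(entries: list[Entry]) -> bool:
    """Assumed triage policy: any encrypted entry or Office-named entry
    is enough to hold the message for analyst review."""
    return any(e.encrypted or e.office_doc for e in entries)


def build_local_entry(name: str, data: bytes, encrypted: bool = False) -> bytes:
    """Constructed sample: one stored (method 0) local header plus payload.
    With `encrypted=True` only the flag bit is set; a real encrypted entry
    also prepends a 12-byte encryption header and encrypts the payload."""
    flags = FLAG_ENCRYPTED if encrypted else 0
    name_b = name.encode("cp437")
    header = struct.pack(LOCAL_HEADER_FMT, LOCAL_HEADER_SIG, 20, flags, 0, 0, 0,
                         zlib.crc32(data) & 0xFFFFFFFF, len(data), len(data),
                         len(name_b), 0)
    return header + name_b + data


# Constructed sample archives (local headers only, no central directory).
SAMPLE_PLAIN = build_local_entry("report.txt", b"quarterly numbers")
SAMPLE_SUSPICIOUS = (
    build_local_entry("invoice.doc", b"\xd0\xcf\x11\xe0", encrypted=True)
    + build_local_entry("readme.txt", b"open the document")
)

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("suspicious", SAMPLE_SUSPICIOUS)):
        found = scan_local_headers(blob)
        print(label, suspicious(found), [(e.name, e.encrypted) for e in found])
```

For archives that arrive complete, the standard library gives the same signal with less code: each `zipfile.ZipInfo` from `ZipFile.infolist()` exposes `flag_bits`, and `flag_bits & 0x1` is the encryption bit read from the central directory. Walking local headers as above is useful when you only have a truncated stream or the central directory has been deliberately damaged.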

CISA raises red flag about North Korea’s BeagleBoyz

The US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on North Korea’s “BeagleBoyz”, a subset of the “Lazarus Group” threat collective. The advisory warns that the group is targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash-outs. BeagleBoyz’s bank robbery schemes compromise critical banking systems and are intended to erode confidence in the institutions they target. The group is suspected of working with, or contracting work to, criminal hacking groups such as “TA505” to obtain initial access to financial institutions’ networks.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 11 September 2020
