ShadowTalk Update – PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

Digital Shadows Analyst Team
July 13, 2020 | 2 Min Read

This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover: 

  • PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation
  • Magecart Developments: Lazarus Group tied to Magecart
  • FBI arrests “Hushpuppi” for alleged BEC Cybercrime Scheme
  • Photon ATO Research: Overview + Key takeaways

Listen: ShadowTalk Threat Intelligence Podcast · Weekly: PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

TrickBot checks victims’ screen resolution to evade analysis

Security researchers found that the “TrickBot” banking trojan was checking the screen resolution of victims’ computers to determine whether it was running inside a virtual machine (VM). Malware commonly looks for the files and processes installed by VM guest software, so security researchers typically leave that software uninstalled, even though it is what provides higher screen resolutions and other conveniences. Aware of this practice, TrickBot’s developers were likely using the screen resolution check as an additional anti-VM check, terminating TrickBot’s processes whenever a VM was detected.

Lazarus Group linked to Magecart-style web skimming

Security researchers reported that the North Korea-linked advanced persistent threat (APT) collective “Lazarus Group” has been conducting “Magecart”-style web skimming attacks against retail companies in the United States, allegedly including the global fashion retailer Claire’s. The researchers speculated that Lazarus Group used spearphishing emails to achieve initial infection, aiming to obtain retail staff passwords and gain the access needed to inject skimming scripts, which they said aligns with the group’s financial motives.

Entities in Myanmar likely targeted by Chinese APT

Researchers have linked a cyber-threat campaign against entities in Myanmar to an unknown APT group associated with the People’s Republic of China (PRC). The campaign began in March 2020 and targeted victims via malicious LNK (Windows shortcut) files. After obtaining access to their targets, the attackers used the red-teaming tool “Octopus”3 for command-and-control (C2) communication. Elements of LNK files were similar to those used by the PRC-linked “Mustang Panda” APT group, although researchers did not attribute the attack to any specific threat group.

3 An open-source tool, commonly used in red-teaming assessments that simulate attacks; Octopus is designed to communicate covertly with the C2 server.

Weekly Intelligence Summary 10 July 2020
