
ShadowTalk Update – PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research
Digital Shadows Analyst Team
July 13, 2020 | 2 Min Read

This week, Digital Shadows team members Viktoria, Demelza, Adam and Stefano cover:

  • PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation
  • Magecart Developments: Lazarus Group tied to Magecart
  • FBI arrests “Hushpuppi” for alleged BEC Cybercrime Scheme
  • Photon ATO Research: Overview + Key takeaways

Listen below 👇👇👇

ShadowTalk Threat Intelligence Podcast · Weekly: PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

TrickBot checks victims’ screen resolution to evade analysis

Security researchers found that the “TrickBot” banking trojan was checking the screen resolution of victims’ computers to determine whether it was running inside a virtual machine (VM). Malware commonly checks for files and processes belonging to VM guest software, so security researchers typically do not install that software in analysis VMs; one side effect is that the VM is left with a limited screen resolution that the guest software would otherwise improve. Aware of this practice, TrickBot’s developers were likely using the screen resolution check as an additional anti-VM measure, terminating TrickBot processes if a VM was detected.

Lazarus Group linked to Magecart-style web skimming

Security researchers reported that the North Korea-linked advanced persistent threat (APT) collective “Lazarus Group” has been conducting “Magecart”-style web skimming attacks against retail companies in the United States, allegedly including global fashion retailer Claire’s. The researchers speculated that Lazarus Group used spearphishing emails to gain initial access, aiming to obtain retail staff passwords and thereby the access needed to inject skimming scripts; they said this aligns with the group’s financial motives.
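Web skimming of this kind works by adding a script the page owner never approved, so one defensive control is to inventory every script on a sensitive page (checkout, login) and compare it against a known-good baseline. The following is an added example written for this page, not code from Digital Shadows or from the researchers cited; the HTML, the `.invalid` hostnames and the baseline are all constructed here for illustration.

```python
"""Inventory the <script> elements of a page and compare them with a known-good
baseline, the kind of check used to spot injected web-skimming code.  Added
example for this page; the HTML, hostnames and baseline are constructed here."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptInventory(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> content as raw data, possibly in several chunks
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def fingerprint(body: str) -> str:
    """SHA-256 of an inline script body with surrounding whitespace removed."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def audit_scripts(html: str, allowed_hosts: set, known_inline: set) -> list:
    """Return (finding, detail) pairs for scripts that are not in the baseline."""
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        # Relative URLs (no host) load from the shop's own origin; treated as allowed here
        if host and host not in allowed_hosts:
            findings.append(("unknown-external-script", src))
    for body in parser.inline:
        digest = fingerprint(body)
        if digest not in known_inline:
            findings.append(("unknown-inline-script", digest[:16]))
    return findings


# Baseline taken from a known-good snapshot of the checkout page (constructed)
ALLOWED_HOSTS = {"cdn.example-shop.invalid"}
KNOWN_INLINE = {fingerprint("window.dataLayer = window.dataLayer || [];")}

# Constructed page: two scripts from the snapshot plus two that were not in it
CHECKOUT_HTML = """<html><head>
<script src="https://cdn.example-shop.invalid/checkout.js"></script>
<script>
  window.dataLayer = window.dataLayer || [];
</script>
<script src="https://static.example-third-party.invalid/s.js"></script>
<script>document.addEventListener("submit", function(e){ /* unknown handler */ });</script>
</head><body><form id="payment"></form></body></html>"""


def audit_checkout_page() -> list:
    """Run the audit over the constructed checkout page."""
    return audit_scripts(CHECKOUT_HTML, ALLOWED_HOSTS, KNOWN_INLINE)


if __name__ == "__main__":
    for finding, detail in audit_checkout_page():
        print(finding, detail)
```

In practice the baseline would be built from a crawl of the page at a known-good point in time and the audit re-run on a schedule; a Content Security Policy that restricts script sources, and Subresource Integrity hashes on the scripts that are allowed, complement this kind of monitoring by blocking an unapproved script rather than only reporting it.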

Entities in Myanmar likely targeted by Chinese APT

Researchers have linked a cyber-threat campaign against entities in Myanmar to an unknown APT group associated with the People’s Republic of China (PRC). The campaign began in March 2020 and targeted victims via malicious LNK (Windows shortcut) files. After obtaining access to their targets, the attackers used the red-teaming tool “Octopus”[3] for command-and-control (C2) communication. Elements of LNK files were similar to those used by the PRC-linked “Mustang Panda” APT group, although researchers did not attribute the attack to any specific threat group.

[3] An open-source tool, commonly used in red-teaming assessments that simulate attacks; Octopus is designed to communicate covertly with the C2 server.
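Because the initial access in this campaign relied on LNK files, a defender triaging suspicious shortcuts needs to read what a .LNK actually does: which target it launches, with what arguments, and whether the window is hidden. The following is an added example written for this page, not code from Digital Shadows or from the researchers cited. It parses the fixed 76-byte ShellLinkHeader and the StringData section of the public MS-SHLLINK format; the sample shortcuts, the placeholder file names and the triage heuristics are constructed here and do not come from the campaign described.

```python
"""Parse the fixed ShellLinkHeader and StringData section of a Windows .LNK
(Shell Link) file and apply a few triage heuristics.  Added example for this
page; the layout follows the public MS-SHLLINK format, while the sample files
and the heuristics are constructed here."""
import struct

HEADER_FMT = "<I16sIIQQQIIIHHII"          # 76-byte ShellLinkHeader
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that control which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the target minimised

# StringData entries appear in this fixed order when their flag bit is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Interpreters whose presence in a shortcut target warrants a closer look (chosen here)
INTERPRETERS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32")


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a .LNK blob."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    fields = struct.unpack_from(HEADER_FMT, data, 0)
    header_size, clsid, flags, show_command = fields[0], fields[1], fields[2], fields[9]
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link header")
    offset = HEADER_SIZE
    # Skip the variable-length LinkTargetIDList and LinkInfo blocks if present
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, offset)  # size includes itself
        offset += link_info_size
    info = {"flags": flags, "show_command": show_command}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, offset)  # CountCharacters, no terminator
        offset += 2
        if flags & IS_UNICODE:
            raw = data[offset:offset + count * 2]
            offset += count * 2
            info[name] = raw.decode("utf-16-le")
        else:
            raw = data[offset:offset + count]
            offset += count
            info[name] = raw.decode("cp1252")
    return info


def triage(info: dict) -> list:
    """Flag shortcut properties that are common in malicious LNK lures."""
    findings = []
    target = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    if info.get("arguments"):
        findings.append("arguments-present")
    if any(name in target for name in INTERPRETERS):
        findings.append("script-interpreter-target")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window-minimised")
    return findings


def build_sample_lnk(relative_path: str, arguments: str = None, show_command: int = 1) -> bytes:
    """Construct a minimal Unicode .LNK in memory (test fixture, not a real-world sample)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments is not None else 0)
    header = struct.pack(HEADER_FMT, HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for text in (relative_path, arguments):
        if text is not None:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: a lure-style shortcut and an ordinary document shortcut
SUSPICIOUS_LNK = build_sample_lnk(r"..\..\Windows\System32\cmd.exe",
                                  "/c placeholder_stage2.bat", SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_sample_lnk("notes.txt")

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_LNK), ("benign", BENIGN_LNK)):
        parsed = parse_lnk(blob)
        print(label, parsed, triage(parsed))
```

The parser deliberately stops after StringData; real shortcuts may carry further ExtraData blocks (environment variables, console settings) that a full triage tool would also read, and the heuristics here are a starting point to be tuned against an organisation's own shortcut inventory rather than a detection signature.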

Weekly Intelligence Summary 10 July 2020
