
ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

Digital Shadows Analyst Team
April 20, 2020 | 2 Min Read

This week we have a new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching from Bitcoin to Monero.


Threat actors attempt to attack remote NASA workers

On 06 Apr 2020 NASA released a memo stating that recent cyber attacks have targeted United States federal employees working from home. Although mitigation tools used by NASA’s Security Operations Center have prevented a successful attack, phishing attempts have doubled in number, and malware attacks on NASA systems have also increased. The memo highlights the continuing threat as attackers take advantage of remote workers during the COVID-19 pandemic.

Microsoft PowerPoint users vulnerable to hyperlink flaw

On 08 Apr 2020 security researcher Mandar Satam discovered a new vulnerability affecting Microsoft PowerPoint. The flaw could allow attackers to trigger the download of malicious files hosted on a remote server by simply having the user hover over a hyperlink in a PowerPoint file. The attack, dubbed Hover with Power, works by manipulating pointers in hyperlinks and using a HyperLink action set to “Other file”. Upon hovering over the link, a pop-up box, which can be manipulated by the attacker, appears and asks the user if they want to run a file. Although this vulnerability allows malware to be downloaded without users clicking on hyperlinks, it still requires human interaction to successfully infect victims.

Malicious applications exploit videoconferencing demand

On 08 Apr 2020 cyber-security researchers reported a significant uptick in the number of malicious applications, containing either malware or adware, masquerading as videoconferencing apps. This included approximately 120,000 suspicious malware and adware packages in the wild masquerading as versions of Skype, in addition to imitations of Zoom, WebEx, GoToMeeting, Flock, and Slack. Threat actors are likely increasing their development of fake videoconferencing applications to capitalize on the recent increase in remote working.


For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 17 Apr 2020
