ShadowTalk Update: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More!
Digital Shadows Analyst Team
January 11, 2021 | 2 Min Read

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover:

  • Post-holiday updates on SolarWinds – what have we missed?
  • Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee
  • Apex Laboratory announced that it was the victim of a cyber attack – what we know so far
  • 2020 in review: What will the new year bring in the world of cybersecurity?

Listen to the episode: ShadowTalk Threat Intelligence Podcast · Weekly: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More!

Microsoft publishes update on SolarWinds incident

Microsoft’s security response team published a blog post on its internal investigation of the SolarWinds incident. The post stated that there was no indication any Microsoft production services or customer data had been accessed, or that any Microsoft systems had been used to attack other organizations. Microsoft reported that all SolarWinds applications have been isolated and removed. Although the post acknowledged evidence of an internal account being used to view source code, Microsoft deemed this a low threat, citing its open approach to software development. Any further updates to the investigation will be shared on the same blog.

Hardcoded backdoor exposes 100,000 Zyxel firewalls

Security researchers discovered a hardcoded, administrator-level backdoor account affecting more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. Tracked as CVE-2020-29583, the backdoor can give attackers direct access to affected devices via the Secure Shell (SSH) interface or the web administration portal. These devices typically sit on the perimeter of an organization’s network, so a successful compromise could let threat actors pivot into more sensitive areas of a target’s environment. Administrators should apply the relevant patches immediately.
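A hardcoded account on a perimeter device is only useful to an attacker if its logins go unnoticed, so one defensive check is to review successful SSH and web-admin logins on the appliance against the set of accounts and source networks you actually approved. The script below is an added example written for this post; it is not Digital Shadows or Zyxel code, it does not use any real Zyxel credential, and the log line format, the approved administrator name and the management subnet are all constructed assumptions.

```python
import re

# Constructed sample log lines in a generic appliance syslog style.
# This is NOT the real Zyxel log format; it is an assumption for the example.
SAMPLE_LOGS = [
    "Jan 05 08:12:01 fw-edge sshd: Accepted password for netops-admin from 10.0.5.20 port 51022",
    "Jan 05 08:14:37 fw-edge httpd: Login success user=netops-admin src=10.0.5.21",
    "Jan 05 23:41:09 fw-edge sshd: Accepted password for svc-maint from 203.0.113.77 port 40118",
    "Jan 06 00:02:55 fw-edge httpd: Login success user=svc-maint src=203.0.113.77",
    "Jan 06 01:10:11 fw-edge sshd: Failed password for root from 198.51.100.9 port 33012",
]

# Accounts and networks the organisation actually approved (constructed values).
APPROVED_ADMINS = {"netops-admin"}
MGMT_NETWORK_PREFIXES = ("10.0.5.",)

# Successful-login patterns for the two interfaces the advisory mentions:
# the SSH service and the web administration portal.
SSH_OK = re.compile(r"sshd: Accepted \w+ for (?P<user>\S+) from (?P<src>[\d.]+)")
WEB_OK = re.compile(r"httpd: Login success user=(?P<user>\S+) src=(?P<src>[\d.]+)")


def parse_success(line):
    """Return a dict describing a successful login, or None for other lines."""
    for pattern, iface in ((SSH_OK, "ssh"), (WEB_OK, "web")):
        match = pattern.search(line)
        if match:
            return {
                "user": match.group("user"),
                "src": match.group("src"),
                "iface": iface,
                "raw": line,
            }
    return None


def find_suspicious_logins(lines, approved=APPROVED_ADMINS,
                           mgmt_prefixes=MGMT_NETWORK_PREFIXES):
    """Flag successful logins by unapproved accounts or from outside the
    management network. Failed attempts are ignored here; they belong to a
    separate brute-force detection."""
    alerts = []
    for line in lines:
        event = parse_success(line)
        if event is None:
            continue
        reasons = []
        if event["user"] not in approved:
            reasons.append("account not in approved administrator set")
        if not event["src"].startswith(mgmt_prefixes):
            reasons.append("source outside management network")
        if reasons:
            alerts.append({**event, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOGS):
        print(f"[{alert['iface']}] {alert['user']} from {alert['src']}: "
              + "; ".join(alert["reasons"]))
```

Run against the constructed sample, the two `svc-maint` logins are flagged on both counts (unknown account and an Internet-facing source), while the approved administrator's logins from the management subnet pass and the failed `root` attempt is left to a separate brute-force check. Pairing the account allowlist with a source-network check matters because a vendor-embedded account would never appear in your own provisioning records, so it is the allowlist miss, not the credential itself, that surfaces it.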

APT37 uses messaging application for reconnaissance

The North Korean state-associated threat group “APT37” targeted a messaging application used by an unnamed private stock investment firm. By compromising the legitimate installer of the application with malicious code, APT37 tricked victims into unknowingly downloading malicious scripts to their devices. These scripts executed additional payloads that were used to establish communication with a command-and-control (C2) server. APT37 then performed reconnaissance on the infected targets, in keeping with previous activity directed at investment and trading firms.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 08 January