
ShadowTalk Update – Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

Digital Shadows Analyst Team
July 27, 2020 | 2 Min Read

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover: 

  • Trickbot trojan mishap causes widespread warnings, alerting users of threatening activity
  • Dangerous malware Emotet resurges and partners with Trickbot to infect a large number of users
  • Twitter takeover updates – what we know so far
  • NCSC advisory about APT29 targeting Covid-19 vaccine research
  • APT35 footage surfaces, exposing the group’s information


UK intelligence body report details Russian cyber threat

The United Kingdom’s Intelligence and Security Committee released a report on the cyber threat Russia poses to the United Kingdom. The report outlines the activity of Russian state-associated threat groups and intelligence services, highlighting Russia as a highly capable cyber threat with the proven capability to carry out sophisticated campaigns against government entities. The report also illustrates links between organized cybercrime groups and the Russian state.

APT29 infiltrates COVID-19 vaccine developers to steal information

The United Kingdom’s National Cyber Security Centre released an advisory warning that the Russian state-associated threat group “APT29” has been targeting organizations involved in developing COVID-19 vaccines in the United Kingdom, United States, and Canada throughout 2020. The group reportedly used spearphishing and vulnerability exploitation to gain access to systems, as well as the custom malware variants “WellMess” and “WellMail” to identify and steal information and intellectual property related to COVID-19 vaccines.

APT35 inadvertently exposes threat-actor training materials

Researchers identified a misconfigured, Internet-facing server associated with the Iran-linked threat group “APT35”. The server contained approximately 40GB of files, including videos and tutorials that are likely used to train new recruits. Reportedly accessible for at least three days in May 2020, the files also contained information about various personas and Iranian phone numbers likely associated with APT35 members.
