This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover:
- Trickbot trojan mishap causes widespread warnings, alerting users of threatening activity
- Dangerous malware Emotet resurges and partners with Trickbot to infect a large number of users
- Twitter takeover updates – what we know so far
- NCSC advisory about APT29 targeting Covid-19 vaccine research
- APT35 footage surfaces, exposing the group’s information
UK intelligence body report details Russian cyber threat
The United Kingdom’s Intelligence and Security Committee released a report on the cyber threat Russia poses to the United Kingdom. The report outlines the activity of Russian state-associated threat groups and intelligence services, highlighting Russia as a highly capable cyber threat with the proven capability to carry out sophisticated campaigns against government entities. The report also illustrates links between organized cybercrime groups and the Russian state.
APT29 infiltrates COVID-19 vaccine developers to steal information
The United Kingdom’s National Cyber Security Centre released an advisory warning that the Russian state-associated threat group “APT29” has been targeting organizations involved in developing COVID-19 vaccines in the United Kingdom, United States, and Canada throughout 2020. The group reportedly used spearphishing and vulnerability exploitation to gain access to systems, plus the custom malware variants “WellMess” and “WellMail” to identify and steal information and intellectual property related to COVID-19 vaccines.
APT35 inadvertently exposes threat-actor training materials
Researchers identified a misconfigured, Internet-facing server associated with the Iran-linked threat group “APT35”. The server contained approximately 40GB of files, including videos and tutorials that are likely used to train new recruits. Reportedly accessible for at least three days in May 2020, the files also contained information about various personas and Iranian phone numbers likely associated with APT35 members.