ShadowTalk Update – Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

Digital Shadows Analyst Team
July 27, 2020 | 2 Min Read

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover: 

  • Trickbot trojan mishap causes widespread warnings, alerting users of threatening activity
  • Dangerous malware Emotet resurges and partners with Trickbot to infect a large number of users
  • Twitter takeover updates – what we know so far
  • NCSC advisory about APT29 targeting Covid-19 vaccine research
  • APT35 footage surfaces, exposing the group’s information


UK intelligence body report details Russian cyber threat

The United Kingdom’s Intelligence and Security Committee released a report on the cyber threat Russia poses to the United Kingdom. The report outlines the activity of Russian state-associated threat groups and intelligence services, highlighting Russia as a highly capable cyber threat with the proven capability to carry out sophisticated campaigns against government entities. The report also illustrates links between organized cybercrime groups and the Russian state.

APT29 infiltrates COVID-19 vaccine developers to steal information

The United Kingdom’s National Cyber Security Centre released an advisory warning that the Russian state-associated threat group “APT29” has been targeting organizations involved in developing COVID-19 vaccines in the United Kingdom, United States, and Canada throughout 2020. The group reportedly used spearphishing and vulnerability exploitation to gain access to systems, plus the custom malware variants “WellMess” and “WellMail” to identify and steal information and intellectual property related to COVID-19 vaccines.

APT35 inadvertently exposes threat-actor training materials

Researchers identified a misconfigured, Internet-facing server associated with the Iran-linked threat group “APT35”. The server contained approximately 40GB of files, including videos and tutorials that are likely used to train new recruits. Reportedly accessible for at least three days in May 2020, the files also contained information about various personas and Iranian phone numbers likely associated with APT35 members.

Weekly Intelligence Summary 24 July 2020
