ShadowTalk Update – Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

Digital Shadows Analyst Team
April 6, 2020 | 2 Min Read

Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and Viktoria.

The team chat through the latest Zoom zero-day flaws discovered, and the story around Fin7 delivering malware via USB sticks and teddy bears in the mail.

Listen to this week’s episode now 👇

APT41 exploits Cisco, Citrix, Zoho vulnerabilities

The Chinese state-associated threat group “APT41” exploited Citrix Application Delivery Controller (ADC), Cisco routers, and Zoho ManageEngine Desktop Central, targeting at least 75 organizations. Initially, in January, the group targeted CVE-2019-19781, a vulnerability in Citrix ADC and Gateway devices. On 21 February the group began targeting Cisco RV320 routers, using a Metasploit module that combines CVE-2019-1653 and CVE-2019-1652. APT41 then moved on to exploit CVE-2020-10189 in Zoho ManageEngine Desktop Central less than a week after the proof of concept was published. The breadth of targeted geographies and sectors highlights the significant threat the group poses to a wide variety of organizations.
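As an added illustration of the defensive side of the CVE-2019-19781 activity above (this is example code written for this post, not Digital Shadows' tooling), the following script scans web-server access logs for the directory-traversal request shape that publicly reported exploitation of that Citrix flaw relied on: a `..` path segment that steps from the `/vpn/` tree into `/vpns/`. The log lines are constructed for the example, and the traversal-to-`vpns` heuristic is an assumption drawn from public detection guidance for this CVE, not something stated on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format) for this example only.
# Addresses use RFC 5737 documentation ranges; none of these are real indicators.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2020:10:14:02 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 312 "-" "python-requests/2.22.0"
198.51.100.7 - - [12/Jan/2020:10:14:03 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 55 "-" "curl/7.64.0"
192.0.2.10 - - [12/Jan/2020:10:15:10 +0000] "GET /vpn/index.html HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.11 - - [12/Jan/2020:10:16:41 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 403 0 "-" "Mozilla/5.0"
192.0.2.12 - - [12/Jan/2020:10:17:00 +0000] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def is_traversal_to_vpns(raw_path):
    """True if the request path uses a '..' segment to reach the 'vpns' tree.

    Percent-decoding is applied twice so that both %2e%2e and double-encoded
    variants normalise to a literal '..' segment before the check.
    """
    path = unquote(unquote(raw_path.split('?', 1)[0]))
    segments = path.split('/')
    if '..' not in segments:
        return False
    first_dotdot = segments.index('..')
    return 'vpns' in segments[first_dotdot + 1:]


def scan_log(text):
    """Return one finding per suspicious request, with the fields an analyst needs."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal_to_vpns(m.group('path')):
            continue
        findings.append({
            'ip': m.group('ip'),
            'timestamp': m.group('ts'),
            'method': m.group('method'),
            'path': m.group('path'),
            'status': int(m.group('status')),
            # A 2xx answer means the device served the traversal; a 403 is what a
            # blocking mitigation typically returns. Both are worth recording, but
            # the 2xx cases are the ones that need incident handling.
            'served': 200 <= int(m.group('status')) < 300,
        })
    return findings


def sources_with_served_requests(findings):
    """Distinct client IPs whose traversal requests were actually served."""
    return sorted({f['ip'] for f in findings if f['served']})


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        flag = 'SERVED' if f['served'] else 'blocked'
        print(f"{f['timestamp']} {f['ip']} {f['method']} {f['path']} -> {f['status']} ({flag})")
```

Run it against real logs by replacing `SAMPLE_LOG` with the file contents; the useful output is not just the match list but the split between served and blocked requests, which tells you whether the device was exposed at the time of the request rather than merely probed.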

Healthcare provider and hospitals fall victim to Ryuk ransomware

The threat group behind the “Ryuk” ransomware variant recently targeted hospitals and an unspecified, United States-based healthcare provider. Various other ransomware groups have stated their intention not to target healthcare organizations during the COVID-19 pandemic, but this incident shows that healthcare organizations remain vulnerable to cyber threats for the short-term future (next three months). Those threats would come from actors either continuing pre-pandemic attacks or deliberately targeting healthcare entities to exploit pandemic-related opportunities.

Georgian citizen data published online

Voter information for more than 4.9 million Georgian citizens was published on a hacking forum on 28 Mar 2020. The database contains personal details, including full names, home addresses, dates of birth, identification numbers, and mobile-phone numbers. Although highly classified or sensitive information was not included, the size of the database and number of affected citizens means any resulting cyber-threat operations against Georgian citizens would be highly effective.


For more details, read the full Weekly Intelligence Summary

Weekly Intelligence Summary 03 Apr 2020
