InfoSec Round-Up Jan 14th
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Hackers’ Own Goal
An Indian-linked cyber espionage group known as Patchwork has reportedly exposed its own operation after accidentally infecting itself with a remote access trojan (RAT).
Having been active since late 2015, the threat actors used the malicious software to harvest confidential information, as well as targeting various political organisations via spear-phishing attacks.
With their own compromise being discovered by Malwarebytes Labs, security researchers were able to gather their own information, monitoring the hackers via keystrokes and screenshots of computers and virtual machines.
Able to establish evidence of successful attacks against Pakistan’s Ministry of Defense, the National Defense University of Islamabad and the International Centre for Chemical and Biological Sciences, Malwarebytes Labs noted, “Thanks to data captured by the threat actor’s own malware, we were able to get a better understanding about who sits behind the keyboard… Patchwork, like some other East Asian Advanced persistent threats (APTs) is not as sophisticated as their Russian and North Korean counterparts.”
Romance Fraud Warning
The UK’s Action Fraud has issued a warning urging people to be on the lookout for online fraudsters after an estimated £92 million was lost to romance fraud in the last year alone.
With 8,863 cases reported between November 2020 and October 2021, representing a 27% increase on the previous year, Action Fraud, along with the City of London Police, noted how those beginning relationships around Valentine’s Day are most susceptible to this kind of scam.
Urging those who are not particularly tech savvy to be vigilant, Temporary Detective Chief Superintendent Matt Bradford, from the City of London Police, explains: “Typically, romance fraudsters will spend weeks gaining their victims’ trust… and initially make no suggestion of any desire to ask for any money, so the victim may believe their new love interest is genuine.”
Adding, “But weeks, or sometimes months later, these criminals will ask for money for a variety of emotive reasons and as the emotional relationship has already been formed, victims often transfer money without a second thought.”
Spear Phishing Attack Hits Russian Gov
Hackers thought to be associated with the North Korean government have affected members of Russia’s Ministry of Foreign Affairs (MID) as well as several of the country’s diplomats operating in different regions.
Researchers found that a spear phishing campaign, launched in December of last year, targeted diplomats via a remote access trojan (RAT) disguised as a New Year-themed screensaver sent from fellow Russian offices in Serbia.
Thought to be perpetrated by the threat actors known as ‘Konni’, researchers at Lumen Technologies’ Black Lotus Labs, who have analysed the attack, urged caution regarding phishing attacks whilst noting of the incident, “While this particular campaign was highly targeted, it is vital for defenders to understand the evolving capabilities of advanced actors to achieve infection of coveted targets.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.