InfoSec Round-Up July 23rd
Spyware Response, Aramco Hack & Microsoft Attack
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Pegasus Spyware Response
NSO Group, the organisation behind the controversial surveillance software ‘Pegasus’, has responded to criticism, stating that its customers should be the focus of ire and not the company itself.
The software, which was reportedly used to spy on upwards of 50,000 targets, has garnered a significant amount of media attention over the last week, largely relating to its role in monitoring public figures, including journalists, government officials and various international dissidents.
With a list of these targets being leaked, Israeli technology company NSO Group has defended itself and its ethics, likening the situation to “criticising a car manufacturer when a drunk driver crashes.”
The company additionally states that the software is intended for use against criminals and terrorists, and is made available only to military, law enforcement, and intelligence agencies from countries with good human-rights records. However, the software is believed to have been used against murdered journalist Jamal Khashoggi.
A spokesperson for the company has stated, “We are sending the system to governments, we get all the correct accreditation and do it all legally… if a customer decides to misuse the system, he will not be a customer anymore. But all the allegations and all the finger-pointing should be at the customer.”
Saudi Aramco Hacked
Saudi Aramco, one of the world’s largest petroleum companies, has confirmed data from one of its contractors has been stolen and is being used in an attempt to extort $50 million from the company.
The group behind the attack, ZeroX, claims to have stolen the data, believed to be around 1TB of proprietary data, by hacking Aramco’s networks sometime back in 2020, with data being posted on the darknet in June of this year.
The stolen data reportedly includes employee data, client lists, contracts, and network information. The incident has been wrongly labelled by some as a ransomware attack, with the company reiterating in public statements that the affected data was held by third-party contractors.
The incident comes soon after the attack against US fuel company Colonial Pipeline, and Aramco is no stranger to cyber-attacks, having had around 35,000 computers wiped by the Shamoon virus back in 2012.
A spokesperson for the company has stated, “[We] recently became aware of the indirect release of a limited amount of company data.” Adding, “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture”.
China Responsible for Microsoft Attack
The UK, US and EU have named China as being responsible for a major cyber attack against Microsoft Exchange servers, in which at least 30,000 organisations have been affected.
Beginning in January, the attack exploited a vulnerability in the Microsoft systems, inserting backdoors through which large amounts of personal information and intellectual property were stolen from, amongst others, defence contractors, think tanks and universities.
According to a BBC report, Western security services believe this attack signals a shift in espionage tactics and raises concerns over escalating Chinese cyber-behaviour, with the Chinese Communist Party being labelled “reckless” by the UK Foreign Office.
Despite denials from the Chinese government, Antony Blinken, the US secretary of state, accused China of a “pattern of irresponsible, disruptive and destabilizing behaviour in cyberspace, which poses a major threat to economic and national security”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.