Cyber security weekly summary 29 May - 4 June

The week from May 29 to June 4 was marked by the publication of another CIA cyber tool, a wave of malware infections, and a campaign that targeted the Google Play service.

On May 29 the actors known as the Shadow Brokers announced that they would sell new zero-day exploits and hacking tools exclusively to regular subscribers. The initiative follows their previous efforts to monetize stolen tools via online auction. The first batch of exploits, available for a monthly payment of 100 units of the cryptocurrency Zcash (around 21,500 USD), is supposed to concern web browsers, routers, smartphones and operating systems, including Windows 10. The rest of the promised content is compromised data from banks and SWIFT providers and stolen network information from Russian, Chinese, Iranian and North Korean nuclear missile programs.

Security firm Check Point documented one of the most ambitious malware campaigns on Google Play. Its originator, a tool called Judy designed to produce fraudulent clicks on advertisement banners, was present in 41 applications made by an unnamed Korean company. The malware, which was downloaded subsequently, initiated large amounts of advertisements and thus generated financial revenue for its creators.

The same company has also covered the case of the Fireball malware, distributed by the Chinese marketing agency Rafotech. Fireball is able to run any code on victim computers and to download additional files or programs. Through these means Fireball manipulates infected users' web traffic to generate revenue from visited advertisements. Although Fireball, which has infected as many as 250 million computers, currently uses its capabilities exclusively for ad-revenue purposes, it may also be used for malware distribution campaigns.

A group of hackers that has referred to itself as Tzar Team (one of the aliases of the Russian APT28, which is known mainly for espionage campaigns against governments and military organizations) is connected with the breach of the systems of a Lithuanian cosmetic surgery clinic. The hackers subsequently demanded a ransom for the stolen photos and other personal data of its patients. The situation resulted in the publication of more than 25,000 private photos and other sensitive materials.

On June 1, after a two-week pause, WikiLeaks published the description of another CIA cyber tool. The so-called project Pandemic is designed for computers running Microsoft Windows that share files with remote users on a local network via the SMB protocol. The files shared by the infected machine are replaced with versions that contain a trojan inside their code.

About author: Roman Šulc
