Threat Intelligence RoundUp: July

August 01, 2023

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets – The Hacker News

Cybercrime and cybercriminals continue to evolve and get more creative. Early July, researchers found a newly created Windows-based information stealer going by the name of Meduza Stealer that is designed to evade detection by software solutions. Read full article.

2. Beware of Big Head Ransomware: Spreading Through Fake Windows Updates – The Hacker News

One new developing piece of malware, Big Head, is being used to trick Windows users into installing an update while encrypting files on the victim’s computer. The majority of victims have been in the U.S., Spain, France, and Turkey. It deploys three encrypted binaries, with the “archive[.]exe” binary allowing for communications over Telegram. Read more.

3. BlackCat ransomware pushed Cobalt Strike via WinSCP search ads – Bleeping Computer

The ransomware group “BlackCat” (aka ALPHV), has been found running malvertising campaigns. They try to get their victims to click into fake pages that look nearly identical to the real WinSCP file-transfer application for Windows and then push their malware. Their goal is to get IT professionals and admins to be their victims so they can then get access to corporate networks. Learn more.

4. Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX – The Hacker News

In early July, a chinese nation-state group was found targeting European Foreign Affairs ministries and embassies with HTML smuggling techniques (given the name SmugX). Their goal was to deliver the PlugX remote access trojan on compromised systems. Read full article.

5. Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware – The Hacker News

The China-linked nation-state actor, APT41 (aka Axiom, Blackfly, Brass Typhoon, Bronze Atlas, HOODOO, Wicked Panda, and Winnti) is known for their strains of Android spyware called WrymSpy and DragonEgg. They have been active since 2007 and are known to conduct intellectual property theft. Read more.

6. Deutsche Bank confirms provider breach exposed customer data – Bleeping Computer

On July 11, Deutsche Bank confirmed that one of their services providers had experienced a data breach that exposed customers’ data – likely a MOVEit Transfer data-theft attack, related to CL0P’s ransomware wave of MOVEit attacks. Read full article.

7. HCA confirms breach after hacker steals data of 11 million patients – Bleeping Computer

HCA Healthcare stated that they experienced a data breach which affected 11 million patients. A threat actor leaked samples of the stolen data on a hacking forum and began selling the data of patient records that had been created between 2001 and 2003. Read more.


Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.