Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
Cybercrime and cybercriminals continue to evolve and get more creative. In early July, researchers found a newly created Windows-based information stealer, going by the name Meduza Stealer, that is designed to evade detection by security software. Read full article.
A newly emerging piece of malware, Big Head, tricks Windows users into thinking they are installing an update while it encrypts the files on the victim’s computer. The majority of victims have been in the U.S., Spain, France, and Turkey. It deploys three encrypted binaries, with the “archive[.]exe” binary handling communications over Telegram. Read more.
The ransomware group “BlackCat” (aka ALPHV) has been found running malvertising campaigns. The ads lure victims to fake pages that look nearly identical to the real download page for the WinSCP file-transfer application for Windows and then push the group’s malware. Their goal is to compromise IT professionals and admins so they can then gain access to corporate networks. Learn more.
In early July, a Chinese nation-state group was found targeting European foreign affairs ministries and embassies with HTML smuggling techniques (a campaign dubbed SmugX). Their goal was to deliver the PlugX remote access trojan to compromised systems. Read full article.
The China-linked nation-state actor APT41 (aka Axiom, Blackfly, Brass Typhoon, Bronze Atlas, HOODOO, Wicked Panda, and Winnti) has been linked to two strains of Android spyware, WyrmSpy and DragonEgg. The group has been active since 2007 and is known for intellectual property theft. Read more.
On July 11, Deutsche Bank confirmed that one of its service providers had experienced a data breach that exposed customers’ data – likely a MOVEit Transfer data-theft attack, part of CL0P’s ransomware wave of MOVEit attacks. Read full article.
HCA Healthcare stated that it experienced a data breach affecting 11 million patients. A threat actor leaked samples of the stolen data on a hacking forum and began selling patient records that had been created between 2001 and 2003. Read more.