Updated: Jan 21
In this week's Cyber Weekly Digest, find out about the biggest cyber security stories, including ransomware gang arrests in Ukraine and the latest Microsoft Patch Tuesday, which fixed six zero-day vulnerabilities. Keep reading to stay up to date on the latest cyber security news.
Threat actors believed to work for the North Korean government have compromised the email account of an employee of Russia's Ministry of Foreign Affairs and launched spear-phishing attacks against the country's diplomats in other regions. Researchers found that the spear-phishing attacks have been active since at least October. The attackers are using them to deploy Konni malware, a remote administration tool associated with the North Korean hacking group known as APT37. The attackers used a New Year theme as a decoy in emails to staff at the Russian embassy in Indonesia.
Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update. Nine of them are rated critical, including six that are listed as publicly known zero-days. None of the zero-days are listed as being actively exploited, though two of them have public exploit code available. This Patch Tuesday is an unusually large update for January; researchers noted that January updates are typically half this size.
Threat hunters have released details on the tactics, techniques, and procedures used by an Indian-origin threat group called Patchwork. The details focus on a recent campaign that started in November and targeted Pakistani government entities and individuals. Ironically, the hunters were able to gather the information because the threat actor had infected themselves with their own remote access trojan, allowing the hunters to capture keystrokes and screenshots. In the latest campaign, the attackers lure potential targets with RTF documents impersonating Pakistani authorities to deploy a new variant of the BADNEWS trojan called Ragnatela.
This week, Ukrainian police arrested a ransomware affiliate group responsible for attacking at least 50 companies in the US and Europe. The arrests were a joint effort by law enforcement in the UK, the US and Ukraine. A 36-year-old Kyiv resident was identified as the leader of the group, which included his wife and three other individuals. The total losses resulting from the attacks are estimated at more than one million US dollars.
At the end of last week, FinalSite suffered a ransomware attack that forced it to take down its IT systems, including the web servers hosting customers' websites. This led to the shutdown of approximately 5,000 schools' websites, 3,000 of which belong to public school districts in the USA. After a six-day investigation, it was found that no school data was accessed or stolen by the attackers. FinalSite said it would not disclose the name of the ransomware gang while investigations are ongoing.