In this week’s Cyber Weekly Digest we discuss threat actors deploying ransomware as a diversionary tactic to keep incident responders busy whilst pursuing their cyber espionage goals. We also cover a spyware vendor that worked with ISPs to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. Keep reading to stay up to date on the latest news from around the world.
Flagstar Bank, according to data breach notifications, suffered a security breach in December 2021 when hackers broke into the bank’s internal corporate network. The investigation found that the intruders accessed sensitive customer details, including full names and Social Security numbers. This is the second major security incident to hit Flagstar Bank and its customers within a year.
Italian spyware vendor RCS Labs received help from some Internet Service Providers (ISPs) to infect Android and iOS devices in Italy and Kazakhstan with commercial surveillance tools. Google currently tracks more than 30 spyware vendors like RCS Labs. RCS Labs would work with the target’s ISP to disable the target’s mobile data connectivity; the attacker would then send a malicious link via SMS asking the victim to install an application to restore data connectivity. These malicious applications abuse multiple exploits, including zero-days, to monitor infected devices.
One of the most hostile ransomware crime syndicates has grown highly organised, with affiliates hacking more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and described it as the group’s “most productive” and “extremely effective.” Conti is currently among the top three ransomware gangs in terms of attack frequency, ranking second behind LockBit this year, according to data collected from the first quarter of 2022. Each month Conti has been publishing data stolen from at least 35 organizations that did not pay a ransom. The U.S. government is offering a reward of up to $15 million for information leading to the identification and location of the group’s leading members.
Russian intelligence agencies have stepped up cyberattacks against the governments of countries that have allied themselves with Ukraine since Russia’s invasion, according to Microsoft. Since the start of the war, threat actors linked to several Russian intelligence services (including the GRU, SVR, and FSB) have attempted to breach entities in dozens of countries worldwide, prioritizing governments, according to Microsoft Threat Intelligence Center (MSTIC) analysts. "MSTIC has detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine," said Microsoft's President and Vice-Chair Brad Smith.
Chinese threat actor 'Bronze Starlight', which has been active since mid-2021, has been found using the HUI loader to install ransomware such as LockFile, AtomSilo, Rook, Night Sky and Pandora. It is believed, however, that the ransomware deployment is merely a guise to cover up the threat actors' true intent: cyber espionage.