Cyber Weekly Digest - 2022 Week #29

Updated: Jul 29

In this week’s Cyber Weekly Digest we dive into some of the newest ransomware operations, as well as how the UK’s latest heatwave has affected companies such as Google and Oracle. Keep reading to stay up to date on the latest cyber security news from the week.

1. Microsoft links Holy Ghost ransomware operation to North Korean threat actors.

North Korean threat actors have been running a ransomware operation called HolyGhost for over a year, attacking small businesses in various countries. The group has been active for a while but has failed to gain notoriety due to the success of more prevalent ransomware gangs like LockBit 2.0 and Conti. The North Korean group even used the same tactic as those gangs: double extortion, with a leak site to publish the names of the victims and stolen data. The group demands anywhere from 1.2 to 5 bitcoins in ransom, but they have sometimes negotiated to lower the price to a third of the original value. Microsoft Threat Intelligence Centre has found emails from HolyGhost sent to Lazarus, a well-known threat actor under the North Korean Reconnaissance General Bureau.

2. Hacking campaign targets Elastix VoIP systems to install PHP webshells.

Threat analysts have uncovered a large-scale campaign that is targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is server software for unified communications that is used with the Digium phones module for FreePBX. The threat actors are most likely exploiting a remote code execution (RCE) vulnerability identified as CVE-2021-45461, with a critical severity rating of 9.8 out of 10. The attack starts with the attacker adding a