Updated: Sep 3, 2021
In this week's Cyber Weekly Digest, find out about all the latest cyber security stories from across the world, including a new zero-click iMessage exploit used to deploy NSO spyware and a ransomware gang that has shut down their operations and released a master decryptor. Keep reading to stay up to date with this week's cyber security stories.
SAC Wireless, a US-based Nokia subsidiary, disclosed a data breach this week following a Conti ransomware attack in June. The threat actor, Conti, gained access to the SAC systems, uploaded files to its cloud storage, and then deployed ransomware to encrypt the files on SAC systems. Following a forensic investigation, it was found that the personal information belonging to current and former employees had been stolen. The Conti ransomware gang revealed on their leak site that they stole over 250 GB of data and will soon leak the data if SAC does not pay the ransom demands.
Researchers have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. In total, nine Bahraini activists had their iPhones hacked in the campaign. Researchers first observed NSO Group deploying the new zero-click iMessage exploit, FORCEDENTRY, which circumvents Apple's BlastDoor feature, in February 2021. Until Apple releases security updates, the only thing potential targets can do to protect themselves is to disable all apps the Israeli surveillance firm could potentially target.
A financially motivated cybercrime gang has breached and backdoored the network of a US financial organisation with a new malware dubbed Sardonic. FIN8, the threat actor behind this incident, has been active since at least January 2016 and is known for targeting the retail, restaurant, hospitality, healthcare, and entertainment industries with the end goal of stealing payment card data. Sardonic is a new C++-based backdoor that the FIN8 threat actors deployed on targets' systems, likely via social engineering or spear-phishing. In the attack against the US bank this week, the backdoor was deployed and executed on victims' systems in a three-stage process using a PowerShell script, a .NET loader, and downloader shellcode.