Cyber Weekly Digest - Week #6

Find out about the biggest cyber security stories from across the globe in our Cyber Weekly Digest. This week we dive into the latest on a possible second APT exploiting SolarWinds, the social media crackdown on trafficking in hijacked accounts and Oxfam Australia's recent data breach.

1. A 20-year-old was arrested in the U.K. for operating an online service known as "SMS Bandits."

The U.K.'s National Crime Agency has arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed as "SMS Bandits", is responsible for huge volumes of phishing lures, ranging from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

2. A second APT, possibly backed by China, may have exploited a SolarWinds bug to install the Supernova backdoor.

This week the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised through the exploitation of a SolarWinds Orion software flaw. Reuters reported that the infrastructure the APT used in the attack matches infrastructure known to be deployed by government-backed Chinese actors. SolarWinds confirmed that the new APT offensive was not a supply-chain attack; instead, the attackers exploited a software vulnerability in Orion after it was installed in targets' networks to establish the backdoor called Supernova.

3. Babyk ransomware operation has launched a new data leak site with a list of targets they won't attack.

The Babyk ransomware operation has launched a new data leak site with a list of targets they won't attack. The list includes hospitals, non-profits, schools and small businesses. However, it also includes exceptions dictated by personal opinions, such as targeting charities that help LGBT and BLM. It is uncommon for personal opinions to be a determining factor in how ransomware operators choose targets. With the release of Babyk's site, there are now a total of nineteen active ransomware data leak sites used in double extortion tactics.