Cyber Weekly Digest - Week #6
Find out the biggest cyber security stories from across the globe in our Cyber Weekly Digest. This week we dive into the latest on a possible second APT exploiting SolarWinds, the social media crackdown on the trafficking of hijacked accounts and Oxfam Australia's recent data breach.
The U.K.'s National Crime Agency has arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed as "SMS Bandits", has been responsible for huge volumes of phishing lures, with themes ranging from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.
This week the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised through the exploitation of a SolarWinds Orion software flaw. Reuters reported that the APT's infrastructure used in the attack matches that known to be deployed by government-backed Chinese actors. SolarWinds confirmed that the new APT offensive was not a supply-chain attack; instead, the attackers exploited a software vulnerability in Orion after it was installed in targets' networks to establish the backdoor called Supernova.
The Babyk ransomware operation has launched a new data leak site with a list of targets they won't attack. Included in the list were hospitals, non-profits, schools and small businesses. However, the list included exclusions dictated by personal opinions, such as targeting charities that help LGBT and BLM. It is uncommon for personal opinions to be a determining factor in how ransomware operators choose targets. With the release of Babyk's site, there are now a total of nineteen active ransomware data leak sites used in double extortion tactics.
Facebook, Twitter, Instagram and TikTok all took action to seize hundreds of accounts that the companies say have played a significant role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. Some of the accounts seized relate to OGUsers, a forum that sells access to social media and other online accounts. One of the most active accounts targeted was the Instagram profile "Trusted", self-described as "top-tier professional middleman/escrow since 2014."
A database was found on a hacker forum this week. A threat actor claims to be selling a database containing Oxfam Australia contact and donor information for 1.7 million people. The database sample includes names, emails, addresses, phone numbers and donations. From the samples, it was confirmed that one of the records includes legitimate data. Oxfam Australia has launched an investigation into the data breach and reported the incident to the Australian Cyber Security Centre.