Cyber Weekly Digest - Week #12

In this week's digest, we discuss the biggest stories from the week, including Microsoft's Exchange one-click mitigation tool to help small teams patch and new tactics used by Magecart attackers to hide their malicious activity. Keep reading to get all the information you need on the latest cyber security stories from the week.

1. Mimecast confirms a network intrusion by Solar Winds supply-chain attacker.

Mimecast announced that a malicious SolarWinds Orion update was used to access the company's production grid environment, and a limited number of source code repositories" were downloaded. Alongside the source code theft, some Mimecast-issued certificates and limited customer server connection datasets were compromised attackers exploited to target a small number of M365 tenants from non-Mimecast IP addresses. Mimecast recommends that customers in the US and UK reset any server connection credentials used on the Mimecast platform as a "precautionary measure."

2. APTs are targeting telecom companies in cyber espionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology.

According to researchers, Chinese-language APTs are targeting telecom companies in cyberespionage campaigns named "Operation Diànxùn". Researchers have suggested that the campaign could be related to several countries' decision to ban the use of Chinese equipment from Huawei in the global rollout. The APTs used a multi-phased approach to the attacks, with the initial delivery vector being a phishing attack using a fake website designed to mimic the Huawei career page. The second phase executes a .NET payload on the victim's endpoint by leveraging Flash-based artefacts malware.

3. A malicious Xcode project, named XcodeSpy, is targetting iOS development in a supply-chain attack to install a macOS backdoor on the developer's computer.

Xcode is a free application development environment created by Apple that allows developers to create applications that run on macOS, iOS, tvOS, and watchOS. Researchers from SentinelOne discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project used in a supply-chain attack. Threat ac