Updated: Jun 18
In this week’s digest, we dive into some of the largest ransomware attacks so far in 2021 on Fuji Film and JBS. We also look at a newly discovered backdoor that has been developed over three years, linked to Chinese threat actors. Keep reading to find out about the latest and biggest cyber security stories from the week.
On Tuesday night, Fuji Film confirmed a cyber-attack on their Tokyo headquarters. As a part of investigations, the network partially shut down to prevent the attack’s spread. Fuji Film is a Japanese multinational conglomerate that has 37,151 employees across the world. Although Fuji has not confirmed whether the attack was a ransomware attack, Advanced Intel CEO Vitali Kremez has claimed that Fuji Film had been infected with the Qbot trojan last month. The Qbot malware group currently works with the REvil ransomware group.
This week the US Department of Justice seized two domains used by ATP29 group NOBELIUM (also known as Cozy Bear and The Dukes). The domains were used in a recent phishing attack that impersonated USAID to distribute malware and gain access to internal networks. The attack targeted more than 150 organisations, including government agencies and human rights organisations. The two domains seized by the DOJ are theyardservice[.]com and worldhomeoutlet[.]com.
According to new research, ransomware victims are more likely to pay ransom demands by relying on their cyber insurance. According to a new report, in the first half of 2020, ransomware payments accounted for 41% of the total filed cyber-insurance claims. For example, in the recent Colonial Pipeline attack, the energy firm paid a $4.4 million ransom. It has since been revealed that Colonial Pipeline had a cyber-insurance protection policy covering them for at least £15 million, although it is unclear whether the firm utilised the policy. With more companies falling victim to ransomware attacks, does cyber-insurance policies mean that ransomware gangs are more likely to be paid off?
JBS, the world’s largest meat supplier, suffered a ransomware attack this week, which led to operations in Australia, Canada and the US being temporarily shut down. The White House has claimed that the criminal organisation behind the attack is most likely the Russian-based REvil group. Following the recent increase in ransomware attacks across the US and the rest of the world, President Biden has stated he will bring up the issue of cyber-attacks when he meets Russian President Vladimir Putin in two weeks.
This week researchers have discovered a new backdoor that has been used in ongoing cyberespionage activities. The campaigns have been linked to Chinese threat actors who designed, developed, tested and deployed the backdoor over the past three years. The backdoor is designed for compromising the systems of a Southeast Asian government’s Ministry of Foreign Affairs. The Windows-based malware’s infection chain began with spear-phishing messages impersonating other departments in the same government. Staff were targeted with emails containing malicious, official-looking documents. Named ““VictoryDll_x86.dll,”” the backdoor has been developed to include several functions suitable for spying and the exfiltration of data to a command-and-control server.