Cyber Weekly Digest - Week #26

Updated: Jul 2, 2021

In this week’s digest we dive into the latest REvil ransomware victims, 4 high-level vulnerabilities which affect over 30 million Dell devices, and how North Korean’s linked threat actors breached a South Korea nuclear research agency. Keep reading to find out about the biggest cyber security stores from around the world.

1. South Korea’s nuclear research agency confirmed it’s internal network was hacked.

This week South Korea’s ‘Korea Atomic Energy Research Institute’ (KAERI) confirmed that their internal networks were hacked last month by North Korean Threat Actors using a VPN vulnerability. At the time of the attack, KAERI initially denied the attack occurred, they have since confirmed and apologised for attempting to cover up the breach. KAERI is still investigating the incident to confirm what information was accessed during the incident. However, access logs show thirteen different unauthorised IP addresses gained access to the internal network, one of the IPs is linked to North Korean state-sponsored hacking group Kimsuky.

2. 30 million Dell devices are at risk for remote BIOS attacks.

Researchers have found four high severity vulnerabilities which affect 129 models of Dell laptops, tablets and desktops ,which is estimated to be 30 million devices worldwide. The security bugs could give attackers almost complete control and persistence over targeted devices. Specifically, the issues affect the BIOSConnect feature within Dell SupportAssist. BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device. Dell is starting to push out patches for BIOS on all of the affected systems.

3. Pakistan-linked threat actors have been targeting Asian government and energy organisations.

Researchers has found a threat actor with suspected linked to Pakistan which has been targeting energy and government organisations in the South and Central Asian regions. Most of the organisations which they believe have been compromised were in India and a small number in Afghanistan. The researchers believe that the operation began in January of this year. The attacker has been targeting victims to deploy a remote access trojan on compromised Windows systems.