Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit with ransomware.

Other stories this week include:
– EasyJet breach
– Collection 1 Hacker Identified
– Fin7 Member Arrested
– iOS Mail App Vulnerability

Winnti Group attacks video-game developers in Taiwan, South Korea

The Chinese state-associated “Winnti Group” has targeted video-game developers in cyber attacks in Taiwan and South Korea. Reportedly the threat group used new backdoor malware, dubbed Pipemon, against companies that are developing Massively Multiplayer Online (MMO) games. The exact motives are unclear, as Winnti Group has carried out financially and politically motivated campaigns in the past.

129 million records of Russian car owners offered on dark web

Security researchers reported that a traffic police registry containing the records of 129 million Russian car owners is for sale on an unnamed dark-web marketplace. The seller alleges that the registry includes names, email addresses, dates of birth, passport numbers, and contact details. The information that has been leaked could facilitate future cyber attacks, such as spearphishing and credential stuffing.

Ragnar Locker evades detection through virtual machine

Security researchers reported on new cyber attacks using the “Ragnar Locker” ransomware variant. The attackers deployed Ragnar Locker in a virtual machine, which could obfuscate the variant and evade detection. They used the virtual machine to run executable files that then deployed the ransomware onto the target system. The innovative defense method demonstrates advanced tactics and technical capability. The new attacks follow the use of Ragnar Locker in an attack against a Portuguese energy company, Energias de Portugal, in April 2020.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 29 May 2020