ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows (now ReliaQuest) CISO Rick bring you the latest in threat intelligence. This week they cover:

  • A member of TheDarkOverlord was sentenced to multiple years in prison
  • APT41 members have been charged with computer crimes
  • 179 cybercriminals have been arrested for pushing illicit drugs and weapons on criminal marketplaces
  • Fancy Bear activity uses NATO training documents for a phishing campaign
  • Activision suffers a potential data breach – what we know
  • University Hospital targeted by ransomware attack – the team discusses


Iranian threat actors indicted for cyber espionage

A federal court in Virginia, US, has unsealed an indictment for three Iranian individuals accused of a coordinated cyber-espionage campaign. Using identity theft, social engineering, and data theft, the threat actors reportedly targeted technology-related information from aerospace and satellite tracking organizations in the US, the UK, Singapore, Israel, and Australia. The perpetrators were reportedly working on behalf of Iran’s Islamic Revolutionary Guard Corps.

URSA trojan wielded against Spanish- and Portuguese-speaking countries

Researchers reported on a wave of attacks using the “URSA” trojan against a wide range of Spanish- and Portuguese-speaking countries. In an attack campaign that occurred between June and September 2020, the malware attacked victims in Mexico, Brazil, Spain, Portugal, Italy, Bolivia, Chile, Argentina, Ecuador, Peru, Paraguay, Colombia, and Costa Rica. The trojan demonstrated sophisticated techniques to steal passwords and banking information while evading anti-virus detection mechanisms.

Emergency CISA warning about Zerologon in Windows servers

The US Cybersecurity and Infrastructure Security Agency (CISA) released an emergency directive warning of the Zerologon vulnerability affecting Microsoft Windows servers. The flaw was addressed on Microsoft’s Patch Tuesday, but CISA warned that it is highly likely threat actors will exploit unpatched versions. The vulnerability reportedly poses a significant risk and requires immediate action, especially as exploit code for the flaw has been discovered in the wild. It is highly likely that threat actors will take advantage of vulnerable, unpatched systems in the short-term future (one to three months).

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 25 September 2020