ShadowTalk hosts Stefano, Adam, and Kim bring you the latest in threat intelligence. This week they cover:
- More threat actors and attack vectors are being investigated in the SolarWinds compromise
- Law enforcement officials in the Netherlands are delivering an Emotet update that will remove it from infected devices
- Kim talks Lebanese Cedar – What’s new in their latest attack?
- Adam reviews Nefilim ransomware – how were they able to gain access and why it reinforces the need for securing employee accounts
- Plus, don’t miss the malware name of the week!
Hezbollah-linked Volatile Cedar conducts cyber-espionage worldwide
On 28 Jan 2021, cyber-security researchers reported on an espionage campaign conducted by the Hezbollah-linked “Volatile Cedar” APT group. The targets were reportedly telecommunications and government organizations in Europe, North and South America, Asia, and the Middle East. Volatile Cedar’s attacks used unpatched vulnerabilities in Atlassian
Confluence, Atlassian Jira, and Oracle Fusion Middleware servers, likely to identify and collect sensitive information.
Twitter bots rage against 5G restrictions in Belgium
On 29 Jan 2021, it was reported that a network of bot Twitter accounts had been criticizing the Belgian government’s decision to ban Huawei from supplying 5G equipment locally. Fourteen such accounts had retweeted content from popular profiles, in addition to posting their own tweets and praising Huawei as a reliable supplier. The account operators enhanced the messages’ legitimacy through customized (not automated) tweets, and links to Huawei-sponsored articles and articles from news agencies registered at false addresses. They also used a second network of Twitter bots to amplify
Myanmar Internet connectivity plummets after coup
On 01 Feb 2021, measured Internet connectivity in Myanmar reportedly fell to half of what is typical, following the coup initiated by the country’s military. Researchers observed that the patterns of disruption indicated an order to telecommunications providers to reduce users’ ability to connect to the Internet. The coup has drawn international outrage, and the disruption of communications was likely intended to prevent dissenters from organizing a response, as well as to hide any abuses conducted by the military.
For more details, read the full Weekly Intelligence Summary here: