This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover: 

  • Visa issues a warning about new credit card skimmer “Baka”
  • Epic Manchego – Atypical malicious document delivery
  • What is Smaug and how does it operate?
  • Emotet – are there new developments and why did France send an advisory?

Listen below 👇👇

Evilnum unleashes new Python-based PyVil RAT

Researchers reported on the discovery of a new Python-based RAT being deployed by the “Evilnum” threat group. Evilnum has launched highly targeted operations against FinTech companies, distributing the “PyVil” RAT. The new RAT supports many types of activity, including keylogging, distributing executables, downloading Python scripts, running “cmd” commands, and opening Secure Shell (SSH) shells. PyVil has been used in spearphishing attacks against FinTech companies across the UK and European Union, using Know Your Customer regulations (KYC) as a lure in messages.

France, New Zealand, Japan warn of increase in Emotet attacks

Cyber-security agencies in France, New Zealand, and Japan have published security alerts that highlight an increase in attacks delivering the “Emotet” banking trojan. The alerts pertain to malspam campaigns originating from Emotet infrastructure, directed at private-sector companies and government agencies in the three countries. Recipients of the spam email messages are directed to open malicious Microsoft Word documents and password-protected ZIP files containing the Emotet malware. Researchers noted less activity in France than in New Zealand and Japan, although the attacks caused numerous infections in the network of the Paris court system, resulting in a state of emergency triggered by French officials.

CISA raises red flag about North Korea’s BeagleBoyz

The US Cybersecurity and Infrastructure Agency (CISA) released an advisory on North Korea’s “BeagleBoyz”, a subset of the “Lazarus Group” threat collective. They warned that the group is targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash-outs. BeagleBoyz’s international bank robbery schemes are exploiting critical banking systems and intend to erode confidence in the systems they target. The group is suspected to be working with, or contracting work to, criminal hacking groups, such as “TA505”, for initial access to financial institutions’ networks.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 11 September 2020