Adam, Kim, Demelza and Stefano discuss the latest threat intel updates. On this episode, they cover:

  • New Zealand Stock Exchange DDoS attacks: Services affected & extent of impact
  • Tesla employee thwarts cyberattack: Developments & internal threats
  • Pioneer Kitten observed monetizing cyber activity
  • Information about Slack vulnerability
  • Tor Project launches membership program: why, and what does it mean?


Pioneer Kitten sells stolen swag on underground forum

Researchers claim that the Iranian state-associated threat group “Pioneer Kitten” has begun selling access to networks compromised during the three-year-long Fox Kitten campaign. Posts to an unnamed underground forum in late July 2020 suggested that the group was attempting to monetize network accesses that were no longer of interest to the Iranian state. This is atypical of state-linked groups, which seldom seek to monetize the access or data obtained from their victims. It is realistically possible that further accesses or data will be advertised for sale in the mid-term future.

FBI indictment sheds light on Tesla attack attempt

Following reports that an employee at the US-based technology firm Tesla had foiled a potential cyber attack, a Russian national, Egor Igorevich Kriuchkov, was arrested by the FBI and indicted for allegedly plotting the attack. Kriuchkov is accused of attempting to recruit the employee by offering USD 1 million in cryptocurrency or cash to introduce malware into Tesla’s network. It is realistically possible that he is associated with the “Ragnar Locker” ransomware group, given his claims to have extorted a previous Ragnar Locker victim and benefitted from that attack.

New cryptomining malware targets Eastern Europe

A new strain of cryptomining malware, named KryptoCibule, has been identified by researchers. The malware, which targets Microsoft Windows systems, has been active since at least December 2018 and has reportedly been updated 70 times since then. KryptoCibule is capable of installing cryptomining software, stealing user wallet details, and replacing cryptocurrency wallet addresses in the victim’s clipboard so that payments are redirected to the attacker. It is being spread through infected torrent files for pirated software; such torrents remain a credible infection vector for users who install pirated software.
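The clipboard swap described above (a "clipper") leaves a distinctive trace: a copied wallet address is replaced, within a fraction of a second, by a different address of the same coin type. The following Python sketch is an added example, not code from the page, the podcast, or the researchers who analysed KryptoCibule; it shows detection logic for that pattern run over a constructed sequence of clipboard polls. The address regexes are simplified classification patterns (assumption: they recognise common formats but do not validate checksums), the two-second window is an assumed threshold, and the `read_clipboard`-style polling is replaced by an inline list of constructed samples so the script runs offline.

```python
"""Detect clipboard-hijacking ("clipper") behaviour from polled clipboard snapshots.

Added example, not KryptoCibule's code or any vendor's detection rule. The
patterns and the time window below are simplifying assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Loose patterns for common address formats (assumption: good enough to
# classify clipboard text by coin type, not to validate an address).
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XMR": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the coin type whose address pattern matches, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


@dataclass
class SwapAlert:
    coin: str
    original: str
    replacement: str
    timestamp: float


def detect_swaps(samples: Iterable[tuple[float, str]], window: float = 2.0) -> list[SwapAlert]:
    """Flag address substitutions in a stream of (timestamp, clipboard_text) polls.

    A clipper overwrites the clipboard almost immediately after the user copies
    an address, so the tell-tale is: an address of coin X, followed within
    `window` seconds by a *different* address of the same coin X. Any
    non-address content in between resets the state, since the user has
    clearly copied something else.
    """
    alerts: list[SwapAlert] = []
    last: Optional[tuple[float, str, str]] = None  # (timestamp, coin, text)
    for t, text in samples:
        coin = classify(text)
        if coin is None:
            last = None
            continue
        if last is not None and last[1] == coin and last[2] != text and t - last[0] <= window:
            alerts.append(SwapAlert(coin, last[2], text, t))
        last = (t, coin, text)
    return alerts


# Constructed clipboard polls (assumption: a 100 ms polling loop produced them).
# The addresses are synthetic strings built to match the patterns above.
VICTIM_BTC = "1VictimAddress" + "A" * 20
ATTACKER_BTC = "1AttackerAddr" + "A" * 21
VICTIM_ETH = "0x" + "aa" * 20
ATTACKER_ETH = "0x" + "bb" * 20

SAMPLE_POLL = [
    (0.0, "meeting notes for Friday"),   # ordinary text, ignored
    (0.5, VICTIM_BTC),                   # user copies their own BTC address
    (0.6, ATTACKER_BTC),                 # replaced 100 ms later: clipper behaviour
    (1.0, ATTACKER_BTC),                 # unchanged afterwards, no new alert
    (5.0, VICTIM_ETH),                   # later, an ETH address is copied
    (9.0, VICTIM_ETH),
    (9.4, ATTACKER_ETH),                 # swapped again, same coin type
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_POLL):
        print(f"[{alert.timestamp:5.1f}s] {alert.coin} address swapped: "
              f"{alert.original} -> {alert.replacement}")
```

A user who legitimately copies two different addresses of the same coin within the window will also trip this check, so in practice the alert is a prompt to compare the pasted address against the intended one rather than a verdict on its own; the useful property is that it needs no signature for the specific malware, only the behaviour the page describes.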

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 04 September 2020