Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first, Harrison and Alex give a rundown of the brand new Photon research blog on phishing. The team covers:

  1. New phishing ecosystem research we just dropped this week – check it out for some interesting new data findings: https://www.reliaquest.com/blog/the-ecosystem-of-phishing/
  2. OurMine Hacks FC Barcelona and Olympics Twitter Handles
  3. Google AdSense Email Extortion Scam
  4. FBI IC3 Report


Fox Kitten campaign targets the US and Israel

A likely Iranian cyber espionage campaign named Fox Kitten has reportedly been targeting various industries in the United States and Israel since 2017. Organizations in the IT, oil and gas, aviation, telecommunications and government sectors were targeted with destructive and information-stealing malware. The campaign allegedly gained access by exploiting vulnerabilities in VPN and RDP products, and its targeting aligns with current Iranian state-associated motives against the United States.


Apollon marketplace owners scam their exit

Operators of the dark web marketplace “Apollon” have been accused of conducting DDoS attacks against the site’s vendors as well as other marketplaces, amid an exit scam. Exit scams are a common theme in cybercriminal marketplaces that are either closing or seeking to exploit their users and/or vendors before closing. Such scams typically occur when a marketplace fails to firmly establish itself within the cybercriminal community, and those trading on or dealing with the site are likely to lose funds. Organizations previously targeted via these sites are sometimes also affected; however, at the time of writing, the impact of any related activity is unconfirmed.


ThemeGrill burns 200,000 WordPress sites

A vulnerability in the WordPress plug-in “ThemeGrill Demo Importer” has exposed over 200,000 sites since 2017. The flaw, identified only on 06 Feb 2020, allows a threat actor to reset a site’s database to its default state and access its contents. While there are no confirmed compromises due to the vulnerability at the time of writing, it highlights the risk of running third-party application and website plug-ins without keeping them patched and reviewing the access they grant.


For more details, read the full Weekly Intelligence Summary

Weekly Intelligence Summary 21 Feb 2020

And to stay up to date with the latest from Digital Shadows (now ReliaQuest), subscribe below.