
Cyber Intelligence Briefing: 26 May 2023

Miles Arkwright, James Tytler 26 May 2023


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

Top news stories this week

  1. Cyber diplomacy. Iranian threat actors target Israeli shipping and logistics firms, and separately GoldenJackal revealed to have been targeting Asian government entities since 2019.
  2. iSpoof. British national jailed for running multimillion-pound fraud website.
  3. Big game hunting. Rheinmetall AG and Capita fall prey to BlackBasta ransomware attacks.
  4. Imposter. Malicious software mimicking original packages found in open-source software NodeJS.
  5. Cyber espionage exposed. China-backed hackers breach critical infrastructure in US.
  6. Tricky business. Philadelphia Inquirer denies ownership of leaked data. 

1. STATE-BACKED THREAT ACTORS TARGETING SHIPPING AND LOGISTICS FIRMS, AND ASIAN GOVERNMENT ENTITIES

Security researchers have attributed a series of targeted ‘watering hole’ attacks against Israeli shipping and logistics websites to an Iranian state-backed threat actor.

Separately, an Advanced Persistent Threat (APT) named GoldenJackal has reportedly carried out espionage activities against various Asian government agencies since 2019. The group, whose infection vectors are unknown, has maintained a low profile since inception to avoid detection.

SO WHAT?

APT attacks are sophisticated and carefully planned to evade security controls and avoid detection. Active threat hunting can help identify an intrusion.

2. FRAUD WEBSITE OWNER JAILED IN GLOBAL FRAUD INVESTIGATION

A British national has been jailed for running the multimillion-GBP fraud website iSpoof, following an international fraud investigation. The website allowed users to impersonate the phone numbers of major companies in order to defraud victims, with an estimated 200,000 victims worldwide and GBP 48 million stolen.

SO WHAT?

Cyber criminals can mask their identity in multiple ways. Before sharing sensitive information such as credit card or banking details, it is important to verify the authenticity of the request through a separate channel.

3. BLACKBASTA GOES BIG GAME HUNTING

German automotive and arms manufacturer Rheinmetall AG confirmed a BlackBasta ransomware attack last week. While the attack left Rheinmetall's military operations unaffected, samples of stolen data, including non-disclosure agreements and technical schematics, were published on BlackBasta's leak site. Notorious for targeting high-profile entities, BlackBasta recently attacked ABB and Capita.

SO WHAT?

A robust threat intelligence programme should provide insights into the profiles of the threat groups most likely to target your organisation. This intelligence can be used to ensure the organisation is adequately prepared to defend against its biggest threats.

4. MALICIOUS PACKAGE FOUND IN OPEN-SOURCE SOFTWARE LIBRARY NODEJS

Researchers have discovered malicious packages in the NodeJS ecosystem, whose open-source libraries are used in many web applications. The packages mimicked legitimate ones and remained available for over two months, resulting in the deployment of trojan malware to victim systems.

SO WHAT?

Organisations that use open-source software libraries must review them on a regular basis, both for vulnerabilities and for the risk they pose to the software supply chain.
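One way to operationalise the review the paragraph above calls for, as an added example that is not part of the briefing or S-RM's own tooling: a Node.js script that checks a package-lock.json for dependency names that closely resemble well-known npm packages (the imposter pattern in this news item) and for dependencies resolved outside the public registry. The list of well-known names and the sample lockfile are constructed for the demonstration.

```javascript
// Added example, not from the briefing: flag "imposter" npm packages in a package-lock.json by
// (1) edit distance to a well-known name and (2) a resolved URL outside the public registry.
const POPULAR = ['lodash', 'express', 'request', 'axios', 'chalk', 'commander', 'moment'];

// Levenshtein edit distance (insert / delete / substitute), single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = above;
    }
  }
  return row[b.length];
}

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b"; keep the innermost name.
function packageName(key) {
  const parts = key.split('node_modules/');
  return parts[parts.length - 1];
}
// Returns a list of { name, reason } findings for a parsed package-lock.json object.
function findSuspicious(lock, popular = POPULAR) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // the root project entry
    const name = packageName(key);
    for (const known of popular) {
      const d = editDistance(name, known);
      if (d > 0 && d <= 2) findings.push({ name, reason: `lookalike of ${known} (distance ${d})` });
    }
    if (meta.resolved && !meta.resolved.startsWith('https://registry.npmjs.org/')) {
      findings.push({ name, reason: `non-registry source ${meta.resolved}` });
    }
  }
  return findings;
}
// Constructed sample lockfile fragment: one genuine package, one lookalike, one git-sourced package.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'demo-app' },
    'node_modules/lodash': { version: '4.17.21', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz' },
    'node_modules/expres': { version: '1.0.0', resolved: 'https://registry.npmjs.org/expres/-/expres-1.0.0.tgz' },
    'node_modules/demo-util': { version: '1.4.0', resolved: 'git+https://example.invalid/demo-util.git' },
  },
};
console.log(findSuspicious(SAMPLE_LOCK));
```

In a real pipeline the same function would be fed `JSON.parse(fs.readFileSync('package-lock.json'))` and run in CI before `npm ci`, with the popular-name list taken from the registry's most-downloaded packages.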

 

 

5. CHINESE CYBER ESPIONAGE CAMPAIGN

Microsoft has warned that a Chinese espionage group named ‘Volt Typhoon’ has been targeting critical infrastructure organisations across the US since mid-2021. The group gains initial access by exploiting an unknown vulnerability in Fortinet FortiGuard devices. Microsoft assesses that Volt Typhoon's activities focus on intelligence gathering and espionage rather than immediate disruption.

SO WHAT FOR SECURITY TEAMS?

Follow Microsoft and the National Security Agency’s guidance for mitigating and hunting the threat posed by Volt Typhoon.

6. RANSOMWARE GROUP CHALLENGED OVER PHILADELPHIA INQUIRER ATTACK

The Cuba ransomware group has claimed responsibility for the recent attack on the Philadelphia Inquirer. The group leaked data allegedly stolen in the attack, including balance sheets, financial documents, and source code. The newspaper denied the authenticity of the leaked documents, after which the group deleted its post.

SO WHAT?

Cyber criminals can be unpredictable. Having a post-incident communication strategy in place will prepare you to manage public relations and reputation.


To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright, Associate, Cyber Security
James Tytler, Associate, Cyber Security
