In the Spotlight this Week:
- Online Vendors in Singapore Targeted by Russian Threat Group
- Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook
- Maui Ransomware Linked to North Korean Group Andariel
- North Korean Hackers Target Crypto Experts with Fake Coinbase Job Offers
- A Preview of Cyber Warfare in Taiwan
A cyber gang that has been targeting legitimate sellers on internet forums has expanded its illicit operations into Singapore. Cyber security researchers have been tracking the group under the name ‘Classiscam’ since spotting it in 2020. The threat actors pose as buyers but instead harvest victims’ payment credentials and drain their bank accounts. Originally from Russia, Classiscam is a large criminal operation that has generated nearly USD 30 million in illicit revenue. It has since expanded to Europe, the US, and now Asia. The criminal organization has approximately 380 groups operating on Telegram, with over 38,000 ‘employees’ working under it.
Classiscam has a large pyramidal organizational hierarchy that relies heavily on bots to automate the creation of scam pages, the registration of new accounts, and assistance in case a transaction is blocked by the bank.
Meta has reported disrupting the cyber espionage operations of two hacking groups, Bitter APT and APT36, which leveraged its social media platforms to distribute malware to victims. These hacking groups operate out of South Asia and target individuals located in New Zealand, India, Pakistan and the United Kingdom. While low in sophistication and operational security, the threat actors were persistent and well-resourced in their attacks.
For example, Bitter APT was found to use social engineering tactics, posing on social media platforms under fake personas to lure victims into clicking on malicious links delivered via Apple TestFlight, a legitimate online service used for beta-testing apps and providing feedback to app developers.
The Maui ransomware, which has been attacking healthcare operations in the US, has been linked to the North Korean state-sponsored threat group Andariel (also linked to the Lazarus Group). Andariel has been active since 2015 and is commonly known to conduct cyber espionage to generate revenue for the North Korean regime.
US healthcare facilities paid about USD 500,000 in ransom during the Maui attacks, most of which was recovered by the Department of Justice and the Federal Bureau of Investigation through blockchain tracing and the identification of accounts used to launder the digital currency in China.
The Maui ransomware was first used in an attack on an unnamed Japanese housing organization last year, and was linked to Andariel through the use of the DTrack malware in other similar incidents in Russia, Vietnam, and India within the same timeframe.
The North Korean Lazarus hacking group has been running a new social engineering campaign designed to compromise employees in the fintech industry by posting fake Coinbase job offers on LinkedIn. Coinbase is one of the largest cryptocurrency exchange platforms, which makes its ‘job offers’ enticing and lucrative for potential prospects. Prospects believe they are downloading a decoy PDF about the job position, but actually download a malicious executable instead. Once executed, the malware uses GitHub as a command-and-control server to run commands on the infected device and gain access to the corporate network.
A Preview of Cyber Warfare in Taiwan
Over the past week, Taiwan has been hit by a barrage of cyber attacks on various government websites following US House of Representatives Speaker Nancy Pelosi’s visit to Taiwan.
Cyber researchers have uncovered a significant new disinformation campaign by the Chinese government intended to heighten fears about the danger of Pelosi’s visit and to smear Beijing’s critics. Approximately 72 websites that claim to be reputable media outlets were found to be controlled by the Chinese government.
The multi-pronged cyber attacks alongside the disinformation campaign offer a harrowing preview of what full-scale cyber warfare with China would look like. While typical netizens might not care much if a government website operated less efficiently due to a DDoS attack, a clear compromise of the in-store displays of a local 7-Eleven convenience store would resonate more deeply with citizens.
Hacking 7-11 in Taiwan
China Steps Up Cyber Attacks, Disinformation Campaigns Targeting Taiwan
Researchers Uncover Significant New Disinformation Campaign