
Blackpanda
May 12, 2023 • 2 minute read
A new phishing malware strain has emerged in Eastern Asia, which imitates legitimate apps to steal user credentials and banking data. The 'FluHorse' malware is delivered through email and utilizes malicious Android applications that mimic popular apps with over 100,000 installations. Check Point Research uncovered these malicious apps, which are designed to extract sensitive information, including user credentials and Two-Factor Authentication (2FA) codes. The targeted apps are 'ETC,' a toll-collection app in Taiwan, and 'VPBank Neo,' a banking app in Vietnam, both having over a million downloads on Google Play. Cybercriminals often choose popular apps to maximize their attack's impact. Check Point identified high-profile recipients of these phishing emails, including government sector employees and large industrial companies. The emergence of FluHorse coincides with a significant increase in cyber attacks in the APAC region, with organizations experiencing an average of 1,835 attacks per week in the first quarter of 2023, a 16% increase from the previous year.
A cyber campaign has taken over thousands of East Asian-focused websites since September 2022, redirecting visitors to adult-themed content. The attack uses malicious JavaScript code injected into hacked websites, with cyber criminals using acquired, auto-generated FTP credentials to take control. Many breached websites are either based in China or cater to Chinese users, making it hard to identify a common attack vector. The rogue code URLs are geofenced to prevent execution in some East Asian countries. The group's precise motives are unclear, but the campaign may be aimed at ad fraud, SEO manipulation, or driving traffic to websites.
TechnologyOne Ltd, an Australian software maker, clarified that its customer-facing software-as-a-service platform was not affected by the recent cyber attack on its internal back-office system. The company discovered unauthorized third-party access to its internal Microsoft 365 system earlier this week. However, the back-office system has been restored and confirmed to be fully operational and secure by third-party cybersecurity experts. TechnologyOne is now focusing on investigating the incident and determining if any data was accessed. This cyber attack adds to a growing list of major Australian companies that have faced data breaches and unauthorized access, highlighting the vulnerability of corporations to cyber attacks.
Former Uber Chief Security Officer (CSO), Joseph Sullivan, has been sentenced to three years of probation and a USD 50,000 fine for his role in attempting to cover up a massive data breach that affected millions of Uber customers and drivers. Sullivan was convicted last year for obstruction of justice and concealing the breach from authorities in 2016. This is the first time a corporate executive has been convicted of criminal charges related to a data breach in the United States, setting a precedent for future cases. The judge emphasized that the lighter sentence was meant to be a lesson rather than leniency, taking into account Sullivan's loyalty to Uber rather than acting out of greed. The outcome of the case has drawn attention from other CFOs, who are concerned about the potential impact on their own liabilities in future data breach cases. Sullivan, who was fired from Uber following the incident, currently serves as the CEO of Ukraine Friends, a non-profit organization providing humanitarian aid to Ukraine.
On Tuesday, US authorities announced that the FBI had disabled a suite of malicious software used by Russia's FSB security service, providing insight into the ongoing cyber conflicts between the two nations. The FBI's technical experts identified and neutralized the malware, known as Snake, which is believed to be the premier espionage tool used by the FSB. The malware was attributed to a hacking group called Turla, notorious for its activities over the past two decades targeting NATO-aligned entities, US government agencies, and technology companies. The operation, conducted in cooperation with security agencies in the UK, Canada, Australia, and New Zealand, aims to eradicate Snake from the virtual battlefield. Turla is recognized as one of the most sophisticated hacking groups, known for its stealth and operational security. Russian officials have not yet commented on the matter, and Moscow typically denies engaging in cyber espionage operations.