In the spotlight this week:
- Hackers Target Japanese Politicians with New MirrorStealer Malware
- TPG Telecom Joins List of Hacked Australian Companies
- Australian Fire Service Hit By Potential Cyber Breach
- MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics
In the weeks before Japan's House of Councillors election in July 2022, a hacking group tracked as MirrorFace (associated with APT10, also known as Cicada) targeted Japanese politicians with a previously undocumented credential stealer named 'MirrorStealer'. The threat actors sent spear-phishing emails impersonating PR representatives of the target's political party and asked recipients to share the attached "video files" on social media. In other cases they impersonated a Japanese ministry, attaching self-extracting WinRAR archives that open a decoy document while installing the malware in the background. MirrorStealer harvests passwords stored in web browsers and email clients, including 'Becky!', an email client popular in Japan.
TPG Telecom Ltd., an internet service provider, became the latest Australian company to suffer a high-profile cyber attack: the email accounts of up to 15,000 corporate customers were accessed in a search for cryptocurrency and financial information. TPG is Australia's second-largest ISP, serving 7.2 million accounts. Measures have since been put in place to stop further unauthorized access, and the company is contacting all customers affected by the incident. According to cyber security experts, the string of incidents at high-profile Australian corporations has exposed the industry's severe skills shortage and inadequate defenses, making these companies easy prey for copycat attackers.
Fire Rescue Victoria, an Australian fire service, suffered a major IT outage on Thursday morning. A breach alert from its IT systems led to several internal systems being shut down as a precaution. The cause of the breach has not yet been determined, and a cyber attack has not been ruled out. Phones, email, the website and the service's automated systems are all currently unavailable, including the system that automatically opens station doors when a call-out is received. In the meantime, the Emergency Services Telecommunications Authority (ESTA) is dispatching fire trucks by mobile phone, radio and pager.
The Iranian hacking group MuddyWater has been observed targeting several countries in the Middle East and in Central and West Asia in a new spear-phishing campaign. MuddyWater is assessed to be a subordinate element of Iran's Ministry of Intelligence and Security (MOIS) and is known for cyber espionage against the telecommunications, government, defense and oil sectors. Its usual modus operandi is a phishing lure that either contains a direct Dropbox link or carries a document attachment with an embedded URL pointing to a ZIP archive containing malware. The malware gives the operators remote access to the compromised machine, which they use for reconnaissance, for deploying additional backdoors, and for selling access to other threat actors.
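As an added example (not part of the original digest and not MuddyWater tooling), the following Python triage helper flags the two lure patterns described above in a saved message: direct Dropbox download links in the body, and hyperlinks inside an attached .docx that point at a ZIP archive. It parses the .docx as the ZIP container it is and reads the hyperlink relationships rather than rendering the document. The sample message, hostnames and paths are constructed placeholders.

```python
"""Phishing-lure triage: Dropbox direct links and ZIP-pointing URLs in an e-mail
body or inside an attached .docx. Added example; sample data is constructed."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
DROPBOX_HOSTS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"}
# Parts of a .docx where external hyperlinks live (relationships + body XML).
DOCX_LINK_PARTS = ("word/_rels/document.xml.rels", "word/document.xml")


def classify_url(url: str) -> list[str]:
    """Return indicator tags for one URL; an empty list means nothing notable."""
    tags = []
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in DROPBOX_HOSTS:
        tags.append("dropbox-link")
        # dl=1 (or the usercontent host) bypasses the preview page: direct download
        if "dl=1" in p.query or host == "dl.dropboxusercontent.com":
            tags.append("dropbox-direct-download")
    if p.path.lower().endswith(".zip"):
        tags.append("zip-url")
    return tags


def urls_in_docx(data: bytes) -> list[str]:
    """Extract hyperlinks from a .docx (a ZIP) without opening it in Word."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in DOCX_LINK_PARTS:
            if name in z.namelist():
                found.extend(URL_RE.findall(z.read(name).decode("utf-8", "replace")))
    return found


def triage_message(raw: bytes) -> dict:
    """Scan one RFC 822 message. Returns {"urls": {url: [tags]}, "attachments": [...]}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits, attachments = {}, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()
        if fname:
            attachments.append(fname)
            if fname.lower().endswith(".docx"):
                for u in urls_in_docx(part.get_payload(decode=True)):
                    tags = classify_url(u)
                    if tags:
                        hits[u] = tags + ["in-attachment"]
        elif part.get_content_type() in ("text/plain", "text/html"):
            for u in URL_RE.findall(part.get_content()):
                tags = classify_url(u)
                if tags:
                    hits[u] = tags
    return {"urls": hits, "attachments": attachments}


def build_sample_docx(link: str) -> bytes:
    """Constructed minimal .docx whose only content is one external hyperlink."""
    rels = (
        '<?xml version="1.0"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
        f'2006/relationships/hyperlink" Target="{link}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed lure (placeholder hosts/paths): Dropbox direct link in the body
    plus a .docx attachment whose hyperlink points at a ZIP."""
    m = EmailMessage()
    m["From"] = "hr@example.invalid"
    m["To"] = "staff@example.invalid"
    m["Subject"] = "Updated contract"
    m.set_content("Please review: https://www.dropbox.com/s/abc123/contract.zip?dl=1")
    m.add_attachment(
        build_sample_docx("https://files.example.invalid/update.zip"),
        maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename="contract.docx",
    )
    return m.as_bytes()


if __name__ == "__main__":
    for url, tags in triage_message(build_sample_message())["urls"].items():
        print(url, "->", ", ".join(tags))
```

The checks are deliberately coarse: a Dropbox link or a .zip URL is not malicious on its own, so the output is a triage queue for an analyst, not a verdict. Point it at a mailbox export (`.eml` files) to surface messages matching this lure pattern for closer inspection.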