Asia Cyber Summaries

2 Sep 2022 | Asia Cyber Summary

In the Spotlight this Week:

  • Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks
  • Severe TikTok Android App Flaw Allowed Account Hijacking
  • Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
  • Privacy Commissioner Closes Probe into RBNZ Cyber Defenses
  • New Cyber Security Center to Protect NSW Police Network

Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

APT40, a Chinese nation-state group, conducted a months-long cyber espionage campaign using reconnaissance malware. Victims of the recent campaign spanned Australia, Malaysia, Europe, and entities that operate in the South China Sea. The group has been active since 2013 and is known to target organizations in the Asia-Pacific region, with a primary focus on the South China Sea. It ran several phishing campaigns using URLs masquerading as Australian media firms to deliver the ScanBox reconnaissance framework: target devices are first infected with malicious JavaScript code, after which an actor-controlled domain is used to deliver the malware.

Severe TikTok Android App Flaw Allowed Account Hijacking

Researchers have found a high-severity vulnerability in two versions of the TikTok Android app that allowed attackers to send messages and to access and upload videos without the user's knowledge. The two regional builds affected were the one intended for East and Southeast Asia and the one distributed to the rest of the world. To exploit the flaw, an attacker needed only to deploy a tailor-made malicious link to gain access to a trove of personal data.

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored threat actors are exploiting unpatched systems running Log4j to target Israeli entities, underlining the vulnerability's long remediation tail. The threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten) is linked to the Iranian intelligence apparatus, the Ministry of Intelligence and Security (MOIS). After compromising target devices, the actor deploys webshells to execute commands that enable reconnaissance, persistence, credential theft, and lateral movement.

Privacy Commissioner Closes Probe into RBNZ Cyber Defenses

New Zealand's Privacy Commissioner has closed a probe into the Reserve Bank of New Zealand's (RBNZ) cyber defenses following a breach in Dec 2020. The RBNZ was the victim of a cyber attack on a third-party file sharing application it used to share and store information. The Office of the Privacy Commissioner had issued a compliance notice to the RBNZ for not meeting its obligations under the Privacy Act, but has since closed the notice after gaining confidence that the RBNZ has made every recommended change to its privacy and cyber defenses, and more.

New Cyber Security Center to Protect NSW Police Network

A new Cyber Security Operations Center has been launched in a joint project led by the NSW Police Force and Cyber Security NSW. The center aims to safeguard the NSW Police Force systems from terrorists, organised criminal networks and hackers, and will have a frontline tactical team of fifteen analysts and engineers working seven days a week. The NSW Police Force holds a significant amount of sensitive data on local, national, and international criminal investigations, and this information could be highly valuable to criminals.
