
Blackpanda
July 22, 2022
Approximately 30 Thai political activists have been hacked using the Israeli surveillance spyware ‘Pegasus’. These attacks were launched locally and were discovered when Apple Inc. sent mass alert messages to thousands of iPhone users, informing them that they had been targets of ‘state-sponsored attackers’.
NSO Group, the Israeli firm behind Pegasus, has been known to sell its spyware exclusively to governments. These governments use Pegasus to spy on journalists, activists, and dissidents. For these reasons, NSO Group has been sued by Apple Inc. and has been placed on the US trade blacklist.
The Chinese-speaking 8220 cryptomining gang has recently grown to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. The threat group uses a botnet to infect cloud hosts and deploy cryptocurrency miners, gaining entry through known vulnerabilities, remote access tools and brute-force attacks.
This expansion follows a rise in Linux and common cloud application vulnerabilities and in poorly secured configurations for services such as Docker, Apache WebLogic, and Redis. Research has shown that the low-skill crime gang does not select its victims geographically but rather identifies them by their internet accessibility.
China has accused the Indian advanced persistent threat (APT) group ‘Confucius’ of launching cyber attacks against the Pakistani government and military institutions. The accusation is that India employs these APTs as tools of cyber warfare against China and its neighbors in South Asia. Chinese state media has previously accused New Delhi of targeting governments and military enterprises of various South Asian countries; for example, in November 2021 the Indian hacking group ‘Evil Flower’ was accused of conducting multiple cyber attacks on government and military institutions in China, Pakistan, and Nepal.
Cyber researchers have discovered a new ransomware group, ‘Luna’, whose ransomware is written in Rust, a programming language previously used by other hacking groups. Rust gives these groups cross-platform functionality: malware can be ported from one operating system to another, allowing them to deploy it across multiple operating systems such as Windows, Linux and ESXi.
The discovery of Luna supports research showing that there is an upward trend of ransomware groups turning to cross-platform functionality.
The BlackCat ransomware has been upgraded to include Brute Ratel, a pen-testing tool with remote access features. Brute Ratel offers capabilities similar to those of Cobalt Strike, including remote access. These attacks were observed across the US, Europe, and Asia, affecting large organizations in a range of industries.
Threat actors break into large-scale enterprise networks using BlackCat by exploiting unpatched vulnerabilities in firewall or VPN devices. After gaining entry, the attackers install remote access utilities on a system, which gives them a secondary channel for connecting to the victim’s network remotely.