
Blackpanda
February 3, 2023
A recent intelligence operation connected to the well-known Lazarus Group, which is supported by the North Korean government, exploited security flaws in unpatched Zimbra devices to compromise victim systems. The incident, codenamed No Pineapple, in reference to an error message that is used in one of the backdoors, was a malicious operation that targeted a healthcare research organization in India, the chemical engineering department of a leading research university, as well as a manufacturer of technology used in the energy, research, defense, and healthcare sectors, suggesting an attempt to breach the supply chain.
Cyber security researchers discovered that a threat actor known as InTheBox has been stockpiling web injects compatible with various Android banking malware on their dark web online shop. An Android web inject is a custom-made module crafted to harvest sensitive information from specific applications. Injects on the InTheBox shop target retail banking, mobile payment systems, cryptocurrency exchanges, and mobile e-commerce apps. Among those affected are organizations in Australia, Brazil, India, Indonesia, Japan, Kuwait, Malaysia, the Philippines, Qatar, Saudi Arabia, Singapore, Thailand, and the United States, as well as other locations in Europe and Asia.
A digital ride-booking service based in Queensland, Australia, has been forced offline after being hit by a cyber attack. While it appears that customer data has not been compromised, the digital taxi service has not specified when the ride-booking service will resume operations. Extra security measures have been put in place and investigations are ongoing.
The LockBit gang released a new version of their ransomware, named LockBit Green, which is designed to target cloud-based services. It is not surprising that ransomware actors have now expanded their targets to include virtualization servers, since virtualization is the cornerstone of any large-scale deployment of computing and storage resources. With just one attack, it is possible to shut down entire data centers and affect virtualized storage that is shared among workloads, with disastrous results.
The hacking group behind a cyberattack against the software firm ION Trading UK has recently conducted a series of breaches throughout the world, with its victims including the UK’s postal service and local government agencies in the US. The gang, known as LockBit, is a prolific ransomware operator, according to cybersecurity experts, specializing in using malicious software to encrypt files on a victim’s computer, then demanding payment to unlock the files. Earlier this week, it struck an ION system, paralyzing derivatives trading across markets for everything from commodities to bonds and forcing a number of European and US banks and brokers to process some trades manually.