
Blackpanda
January 6, 2023
A purported data leak allegedly involving some 13 million account holders and containing information from satellite broadcaster Astro, the Election Commission of Malaysia, and Maybank has triggered an investigation. A threat actor on the dark web has shared sensitive data, including the full names, identity card numbers, and contact information of user accounts. Malaysia has seen a number of data leak incidents in 2022, including a breach of the government’s online salary system in September as well as a data breach involving more than 11.6 million Malaysian WhatsApp users being sold online.
Twitter users face a major security threat after threat actors publicly released 63GB of data linking over 200 million Twitter accounts to their owners' names and email addresses. The database is available for anyone to download, posing severe security risks to millions of people. A dataset made available to the public in December included Twitter usernames, handles, email addresses, and phone numbers; the newly published database contains the same type of information. Threat actors likely obtained the Twitter data by abusing an application programming interface (API) vulnerability to harvest user information at scale, a practice known as ‘scraping’.
The Five Guys burger empire has been hit with what appears to be a "smash-and-grab" operation: individuals who applied for jobs at the chain had their personally identifiable information (PII) stolen by cyber attackers from a file server. The data breach notice indicates unauthorized access to a single file server, with no lateral movement beyond that server. Stolen data includes applicants' social security numbers as well as driver's license data. Five Guys has been involved in previous hacking incidents in which a threat actor used stolen data to make fraudulent charges on bank debit and credit cards.
Enterprise collaboration platform Slack has recently disclosed a data breach in which threat actors stole some of its private source code repositories. The attackers had stolen a limited number of employee tokens and used them to gain access to an externally hosted GitHub repository. The accessed repositories did not include the primary codebase. The company responded to the incident by immediately invalidating the stolen tokens and starting an investigation into how it might have affected its customers. Slack added that the threat actors did not exploit any vulnerability in its systems to achieve unauthorized access. The investigation is still ongoing.
A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT.
The unidentified adversary is thought to have taken over the IT system of a cooperative bank in Colombia and used the stolen data to create convincing decoy messages that entice targets into opening malicious Excel attachments. BitRAT, a ready-made malware that can be purchased on darknet markets for as little as $20, has a wide range of features that allow it to steal data, gather login credentials, mine cryptocurrency, and download additional binaries.