1 October 2021 | Asia Cyber Summary

FEATURE ANNOUNCEMENT: Blackpanda and Pandamatics Partner with SentinelOne to Provide Incident Response and Cyber Insurance for APAC Businesses

Blackpanda is excited to officially announce our partnership with SentinelOne. SentinelOne’s market-leading EDR platform empowers our highly trained specialists to accelerate response and remediate breaches for our clients in crisis using their AI-powered automated technology.

We have come together to offer our clients premier incident response services paired with award-winning technology and look forward to tackling the rising trend of cyber attacks in the APAC region together.

Read more here: https://www.sentinelone.com/press/blackpanda-and-pandamatics-partner-with-sentinelone-to-provide-incident-response-and-cyber-insurance-for-apac-businesses/

In the spotlight this week:

  • Singapore-based US cryptocurrency promoter pleads guilty to advising North Korea

  • China intensifies attacks on major Afghan Telecom firm as US finalizes withdrawal

  • Researcher publishes source code for three unpatched iPhone exploits

  • Android Trojan steals millions of dollars from over 10 million users

  • 75K email inboxes hit in new credential phishing campaign

Singapore-Based US Cryptocurrency Promoter Pleads Guilty to Advising North Korea

A prominent American cryptocurrency promoter and former hacker has pleaded guilty to advising North Korea on using virtual money to avoid international controls, a New York court said.

Virgil Griffith, who is based in Singapore, launched projects in 2018 to provide services to individuals in North Korea by developing and financing cryptocurrency structures, including cryptocurrency mining. Griffith had attended a conference on blockchain and virtual currencies in Pyongyang where he spoke about how to use both technologies "to evade sanctions", the US Justice Department said. Doing so violated US Treasury bans on "exporting any goods, services, or technology" to North Korea, put in place in response to the country's nuclear weapons programme.

China Intensifies Attacks on Major Afghan Telecom Firm as US Finalizes Withdrawal

Several China-linked cyber-espionage groups were observed to be intensifying attacks on a major telecom firm in Afghanistan just as the US was finalizing its withdrawal from the country. Threat intelligence companies reported four different Chinese threat groups targeting a mail server belonging to Roshan, a major telecom provider that has more than 6.5 million subscribers across Afghanistan. The attacks were conducted by the groups known as Calypso and RedFoxtrot.

The telecommunications firm offers a valuable platform for strategic intelligence collection, whether for monitoring downstream targets, collecting communication data, or tracking and monitoring individual targets. The PRC seeks to increase its influence within Afghanistan to prevent regional instability and extremism from spreading into other Central Asian countries.

Frustrated Researcher Publishes Source Code for Three Unpatched iPhone Exploits

A security researcher published the details of three vulnerabilities that affect up-to-date iPhones, which could be used by a malicious app to gather personal information. The researcher, who goes by Illusionofchaos but whose real name is Denis Tokarev, published details in a blog post and the source code for exploits on GitHub. Tokarev decided to go public to share his "frustrating experience participating in Apple Security Bounty program".

Illusionofchaos wrote: "I've reported four zero-day vulnerabilities this year, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page". Tokarev added: "There were three releases since then and they broke their promise each time. Ten days ago I asked for an explanation and warned them that I would make my research public if I don't receive an explanation. My request was ignored so I'm doing what I said I would".

Android Trojan Steals Millions of Dollars from Over 10 Million Users

A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge.

The trojan is called "GriftHorse". The malicious apps spanned a varied set of categories, ranging from Tools and Entertainment to Personalization, Lifestyle, and Dating, effectively widening the scale of the attacks.

75K Email Inboxes Hit in New Credential Phishing Campaign

Some 75,000 email inboxes have been impacted so far in what appears to be an email phishing campaign motivated by credential harvesting. Researchers observed the attack on customer systems across Office 365, Microsoft Exchange, and Google Workspace environments. The attack involved the use of a lure that spoofed an encrypted message notification from email encryption and security vendor Zix. The notification bore enough resemblance to the original to lead recipients into believing they had received a valid email.
