In the Spotlight this Week:
Researchers discover PhoneSpy malware spying on South Korean citizens
Hackers with Chinese links breach defense and energy targets
Robinhood hacked, millions of names and emails stolen
US seizes USD 6 million in ransom payments and charges Ukrainian citizens over major cyber attack
Microsoft issues patches for actively exploited Excel and Exchange Server zero-day bugs
An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices.
PhoneSpy enables the threat actor to access the camera to take pictures, record video and audio, get precise GPS location, view pictures from the device, as well as extract SMS messages, contacts, call logs, and even send SMS messages to the phone with attacker-controlled text.
Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research.
Although the researchers could not say with certainty who was behind what seemed like an espionage campaign, the hackers used tools and tactics similar to those of a Chinese hacking group alternately known as Emissary Panda, APT27 and Threat Group 3390.
Mobile stock trading platform Robinhood admitted a security breach that exposed names and email addresses for millions of users and “extensive account details” for what appeared to be very specific targets.
The breach happened on November 3rd, and Robinhood said the attacker “demanded an extortion payment” and that it promptly notified law enforcement.
Law enforcement officials seized an estimated USD 6 million in ransom payments, and federal prosecutors charged Ukrainian national Yaroslav Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges.
The State Department announced a reward of up to USD 10 million for information leading to the identification or location of the leadership of the REvil ransomware gang.
Microsoft released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system.
Of the 55 flaws, six are rated Critical and 49 Important in severity, and four were listed as publicly known at the time of release. To install the latest security updates, Windows users can go to Start > Settings > Update & Security > Windows Update and select Check for updates.
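For administrators who need to confirm that the Patch Tuesday fixes have actually landed on a fleet of hosts, rather than clicking through Settings on each one, the following PowerShell script is an added example (it is not code from the Blackpanda digest or from Microsoft). It queries the Windows Update Agent for updates the host still considers missing and lists the most recently installed security updates. It assumes an elevated session on a host that can reach Windows Update or its WSUS server; no KB numbers are hard-coded because the digest does not name them.

```powershell
# Added example, not part of the original digest.
# Enumerate software updates the Windows Update Agent reports as not yet installed,
# then show the security updates most recently applied to this host.
# Assumptions: elevated session; host can reach Windows Update or its WSUS server.

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# IsInstalled=0 selects updates not yet applied; Type='Software' excludes driver updates.
$result = $searcher.Search("IsInstalled=0 and Type='Software'")

$pending = foreach ($u in $result.Updates) {
    [pscustomobject]@{
        KB       = (($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ',')
        Severity = $u.MsrcSeverity   # Critical / Important / Moderate / Low; empty for non-security updates
        Title    = $u.Title
    }
}

if (-not $pending) {
    Write-Host "No pending software updates; host is current according to Windows Update."
} else {
    $pending | Sort-Object Severity | Format-Table -AutoSize
    $missingSecurity = @($pending | Where-Object { $_.Severity -in 'Critical', 'Important' })
    Write-Warning ("{0} Critical/Important security update(s) still missing." -f $missingSecurity.Count)
}

# Cross-check against the local hotfix inventory: the ten most recent security updates installed.
Get-HotFix |
    Where-Object { $_.Description -eq 'Security Update' } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, InstalledOn
```

Run it after the update cycle completes on each host; an empty pending list plus entries dated after the release day in the hotfix inventory is the evidence that the Excel and Exchange Server fixes described above were applied, which is more reliable than the Settings page alone.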
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.