14 Aug 2020 | Asia Cyber Summary

Updated: Sep 11, 2020

Congratulations to Blackpanda DFIR Specialist Shuchen Hu for being named one of the Top 20 Women in Cyber Security in Singapore! We’re proud to see hard work recognized. This award is presented by The Women in Security & Resilience Alliance (WISECRA), MySecurity Media, and Responsible Cyber.

In the spotlight this week:

• A new phishing campaign utilizing Zoom meeting invitations has been observed targeting O365 credentials

• Dharma offers an easy-to-use Ransomware as a Service, making complex malware usable by threat actors with limited skills

• The FBI has warned of Iranian state-backed hacking groups targeting the F5 BIG-IP vulnerability CVE-2020-5902

AUG 12, 2020 | Dharma Offers Easy-To-Use Ransomware as a Service, Making Complex Malware User Friendly to Threat Actors With Limited Skills

This is part of an unfortunate trend in which advanced tools and techniques are now available to criminals with limited technical skills. To counter the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, regular backups, and an incident response procedure that is regularly rehearsed.

Source: https://www.bleepingcomputer.com/news/security/dharma-ransomware-created-a-hacking-toolkit-to-make-cybercrime-easy/

AUG 8, 2020 | The FBI Has Warned of Iranian State-Backed Hacking Groups Targeting the F5 BIG-IP Vulnerability CVE-2020-5902

The F5 BIG-IP vulnerability CVE-2020-5902 previously reported by Blackpanda is now being exploited by Iranian threat actors. The US-CERT recommends the following actions be taken:

• Reimage compromised hosts

• Provision new account credentials

• Limit access to the management interface to the fullest extent possible

• Implement network segmentation

Source: https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-trying-to-exploit-critical-f5-big-ip-flaw/

AUG 6, 2020 | Maze Ransomware Group Claims To Have Stolen 10TB Of Data From Canon

The Maze ransomware group has claimed to have compromised Canon and exfiltrated 10 terabytes of data. Canon has reported outages affecting many systems, and the full impact of this attack is yet to be seen.

Source: https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/

AUG 4, 2020 | New Phishing Campaign Utilizing Zoom Meeting Invitations Has Been Observed Targeting O365 Credentials

Threat actors are taking advantage of the widespread use of Zoom. Newly observed techniques show phishing emails masquerading as Zoom meeting invites in order to entice the recipient to click the link.

Source: https://www.hackread.com/fake-zoom-meeting-invitation-phishing-scam-microsoft-credentials/

AUG 1, 2020 | Phished? You Have 7 Days Before Your Credentials Are Sold Online

Iranian threat groups have become the first APT actors to be discovered using DNS over HTTPS in their attacks. The group "Oilrig" is known for exfiltrating data over DNS, so incorporating this new feature into its kill chain is a logical progression.

Source: https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh
