8 January 2021 | Asia Cyber Summary

Updated: May 19


BLACKPANDA ANNOUNCEMENT


Blackpanda is excited to announce our partnership with leading US darknet intelligence company DarkOwl. DarkOwl will provide Blackpanda’s clients with expanded protection and detection of cyber risk with their extensive knowledge of the darknet and massive database of dark web data. Read more about our collaboration here.



In the Spotlight This Week:

  • Blackpanda Advisory: SolarWinds Vulnerability

  • Vietnamese companies and government bodies targeted in supply chain attack

  • Hackers target Livecoin and change cryptocurrency exchange prices

  • Koei Tecmo discloses data breach after hacker leaks stolen data

  • British Airways plan £3B settlement agreement

  • Nissan source code leaked via misconfigured server git



Blackpanda Advisory: SolarWinds Vulnerability


The SolarWinds hack has impacted over 18,000 businesses across the world. While the full ramifications of the breach are still being determined, it is crucial that organizations suspecting they may be affected take the necessary steps to remediate.


Blackpanda has produced a SolarWinds Vulnerability Advisory with step-by-step instructions aimed at mitigating the weaknesses discovered within SolarWinds Orion products.




Vietnamese Companies and Government Bodies Targeted in Supply Chain Attack


A group of hackers have carried out a supply chain attack against private Vietnamese companies and government agencies by inserting malware inside an official government software toolkit. The attack targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.


Reports detail that hackers breached the agency's website and inserted a backdoor trojan named PhantomNet inside two of the VGCA client apps offered for download on the site.




Hackers Target Livecoin and Change Cryptocurrency Exchange Prices


Russian cryptocurrency exchange Livecoin was hacked on the 23rd of December, with hackers managing to change the rates of cryptocurrencies traded on the service to earn quick profits. On Christmas Eve, the exchange posted on its site that the service was subject to a “carefully planned attack” suggesting the attack may have been planned months prior.


In the hack, the company lost control over all its servers, back ends, and nodes. Clients were asked to stop using the service, including not depositing funds, trading, or using the site’s application programming interface.

Koei Tecmo Discloses Data Breach After Hacker Leaks Stolen Data


Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. Koei Tecmo is known for its popular PC and console games including Nioh 2, Hyrule Warriors, Atelier Ryza, Dead or Alive, and more.


A threat actor claimed to have hacked into the company’s European website on December 18th through a spear-phishing campaign sent to an employee. As part of this attack, a forum database with 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continued access.


In a post on a hacker forum, the threat actor was attempting to sell a forum database for 0.05 bitcoins, or approximately US$1,300, and web shell access for 0.25, or approximately US$6,500.




British Airways Plans £3B Breach Settlement


British Airways is said to be planning settlement discussions that could see victims of a British Airways data breach receive a compensation payout of up to £3B.


British Airways customers were impacted by two data breaches in 2018. Between April and July 2018, 185,000 British Airways customers were notified that their personal information and financial details had been compromised, while a further 380,000 users of the airline’s app and website had their information exposed between August and September 2018.


Data compromised in the breaches included customer names, billing addresses, and email addresses. Payment card information, including card numbers, expiry dates, and—in tens of thousands of cases—the CVV security code, was also exposed. No passport details were stolen.




Nissan Source Code Leaked via Misconfigured Git Server


Nissan’s source code was leaked online due to misconfiguration of a company Git server which was left exposed with a default username and password of admin/admin. The Git found on the North American server was taken offline yesterday after its data was shared on Telegram and hacking forums. The company has reportedly launched an investigation.




Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.