9th April 2021 | Asia Cyber Summary

Updated: May 18, 2021

In the Spotlight This Week

  • 533 million Facebook users' data leaked online

  • Chinese spies cover tracks in efforts to breach Vietnamese government

  • Ransom gangs emailing victim customers for leverage

  • North Korean hackers use exploits to plant malware on researchers’ computers

  • Fake unemployment benefit websites preying on laid-off workers

  • Ransomware gang leaks data from Stanford, Maryland universities

533 Million Facebook Users' Data Leaked Online

A user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free. The exposed data includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

While it's a couple of years old, the leaked data could prove valuable to cybercriminals who use people's personal information to impersonate them or scam them into handing over login credentials.

Chinese Spies Cover Tracks in Efforts to Breach Vietnamese Government

A previously undocumented group of Chinese-speaking spies conducted a months-long campaign to infect the computers of government agencies in Vietnam and other Asian countries.

The hackers’ techniques bear some similarities to those of a Chinese-speaking group called Cycldek that has been around for over eight years. The attackers executed code capable of taking full control of target computers, but they also stripped the code of digital clues that would make them easier to track.

The goal of the operation, which lasted at least from June 2020 to January 2021, appeared to be to gather “political intelligence”, although specific targets were not identified.

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

The message reads as follows: “Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim]. The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data. We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us,” the message concludes. “Call or write to this store and ask to protect your privacy!”

However, regardless of whether a ransom is paid, consumers whose data has been stolen are still at risk as there is no way of knowing if ransomware gangs delete the data as they promise.

North Korean Hackers Use Exploits to Plant Malware on Researchers’ Computers

North Korean hackers have once again used fake Twitter and LinkedIn accounts to target users from the cybersecurity field. Recently, cybersecurity researchers have identified two accounts that are pretending to be hiring managers for antivirus and cybersecurity firms. After examining the report, experts have discovered that their social media profiles were quickly deleted after Google reported them to each platform.

Security analysts at Google have affirmed that attackers have created a fake cybersecurity company website, “SecuriElite”, that provides offensive security services, including penetration testing, security assessments, and exploits.

Fake Unemployment Benefit Websites Preying On Laid-Off Workers

Unemployment benefits have been a lifeline for many Americans laid off during the pandemic. Unfortunately, con artists have been busy pillaging these funds – often with the help of workers’ own computers and cell phones. Increasingly, these scams are carried out through sham unemployment websites and phishing emails from scammers bent on identity theft.

The Department of Justice’s National Unemployment Insurance Fraud Task Force reports that scammers lure people to their fake websites by sending spam text messages and emails. The messages look like they’re from a state workforce agency and give people links to these fake sites. When people enter their sensitive personal information on the fake sites, the scammers can use the information for identity theft.

Ransomware Gang Leaks Data from Stanford, Maryland Universities

Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. The threat actors obtained the documents after hacking the universities' Accellion File Transfer Appliance (FTA) software used to share and store sensitive information.

Data stolen in the attack targeting Stanford Medicine's Accellion server includes names, addresses, email addresses, Social Security numbers, and financial information, reported the Stanford Daily. UC has learned that it, along with other universities, government agencies, and private companies throughout the country, was recently subject to a cybersecurity attack.

Since February, the ransomware operation has been leaking files stolen after compromising vulnerable Accellion FTA file-sharing servers. The ransomware gang started leaking the universities' data in late March, attempting to coerce them to pay ransoms to have the stolen data deleted and the leaks stopped. The attackers haven't gained access to universities' internal networks, with the incident only impacting their Accellion servers.
