07-Sep-23: In Security News Today

North Korean APT Actor Targets Security Researchers with Zero-Days and Rigged Tools

Google’s Threat Analysis Group (TAG) has exposed a North Korean government-backed hacking team that has been targeting security researchers. The threat actor used platforms like X to initiate contact with researchers and then moved to encrypted messaging apps to establish relationships. They sent malicious files containing at least one zero-day exploit in a popular software package, allowing them to take control of the researchers’ computers. Additionally, the threat actor distributed a Windows tool that was rigged to hijack data from user machines. Google has reported the vulnerabilities to the affected vendors and is withholding technical details until patches are available.

Weaponized Windows Installers Target Graphic Designers in Crypto Heist

Attackers are using malicious versions of a legitimate Windows installer tool to target graphic designers and 3D modelers in a cryptocurrency-mining campaign. The attackers abuse Advanced Installer to hide malware in legitimate installers for software used by creative professionals. The campaign targets organizations in sectors such as architecture, engineering, construction, manufacturing, and entertainment, which typically use computers with high GPU specifications and powerful graphics cards.

Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme

Vladislav Klyushin, a Russian businessman connected to the Kremlin, has been sentenced to nine years in prison for his role in a nearly $100 million stock market cheating scheme. This scheme involved hacking into U.S. computer networks to steal secret earnings information, which was then used for insider trading. Klyushin, who personally gained over $33 million from the scheme, has been detained in the U.S. since his extradition in 2021, and he’s expected to be deported to Russia after serving his sentence.

Malvertising Campaign Spreads Atomic Stealer macOS Malware

A malvertising campaign has been observed distributing an updated version of the macOS stealer malware called Atomic Stealer. The campaign uses a fraudulent website for TradingView to distribute the malware, which prompts users to enter their password on a fake prompt and harvests files and data stored in iCloud Keychain and web browsers. The goal of the attacker is to bypass Gatekeeper protections in macOS and exfiltrate the stolen information to a server under their control.

See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack

Ticketing services agency See Tickets has notified over 300,000 individuals that their payment card data was stolen in a web skimmer attack. The attack occurred between February and July 2023, during which an unauthorized third-party inserted malicious code into the company’s e-commerce checkout pages. See Tickets claims to have implemented additional safeguards, but this is the second time in the past year that they have warned users of a web skimmer on their websites.

W3LL Gang Compromises Thousands of Microsoft 365 Accounts

A phishing group known as W3LL has successfully compromised over 8,000 corporate Microsoft 365 business accounts in the last 10 months. The group’s tools have targeted at least 56,000 Microsoft 365 accounts since October 2020, with a compromise success rate of 14.3%. W3LL has created an underground market and a sophisticated phishing kit called the W3LL Panel, which is used by over 500 cybercriminals.

MinIO Cyberattack Showcases Fresh Corporate Cloud Vector

Researchers have discovered a new attack vector in the cloud that allows cybercriminals to remotely execute code and take control over systems running the MinIO distributed object storage system. The attack involved exploiting critical vulnerabilities in MinIO to infiltrate a corporate network. The attackers duped a DevOps engineer into updating MinIO with a weaponized version that contained a backdoor and remote code execution exploits.

CISA Releases Guidance on Adopting DDoS Mitigations

The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations. The guidance provides details on prioritizing DDoS mitigations based on mission and reputational impact, and describes various DDoS mitigation services. CISA recommends that federal agencies consider content delivery networks (CDNs), internet service providers (ISPs), and cloud service provider hosted services for the highest degree of protection against DDoS attacks.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.