The North Korean hacker group APT38 is back in the headlines as it targets investment banking and venture capital firms. Right on the heels of the MOVEit Transfer flaw exploitation being connected to the Cl0p ransomware group, there is now an extortion note aimed at hundreds of organizations. The group threatens to publish victims’ names if a ransom is not paid. Moving on to malware, tens of thousands of Android apps were found to have deployed adware onto victims’ devices. Here are the top 10 highlights from the past 24 hours.
01
The North Korean state-sponsored hacker group APT38 was spotted spoofing financial institutions and venture capital firms in the U.S., Japan, and Vietnam, with an aim to expose sensitive or confidential information.
02
The Cl0p ransomware group published an extortion note warning hundreds of affected victims to get in contact or be named on its extortion site, with a deadline of June 14. This comes after the group abused the MOVEit Transfer zero-day.
03
CERT-UA warned that a cyberespionage campaign has been active in Ukraine since mid-2022, targeting government agencies and media organizations by distributing the LonePage malware through phishing emails and text messages.
04
A new service called kopeechka[.]store allows cybercriminals to rent access to established email accounts at major providers, saving time and costs associated with creating new throwaway email accounts.
05
SentinelOne identified the North Korean Kimsuky group targeting experts in North Korean affairs and media to gather intelligence and steal subscription information for news outlets reporting on the country’s affairs.
06
More than 60,000 Android apps have secretly installed adware on mobile devices, going unnoticed for six months. The campaign primarily affects users in the U.S., South Korea, Brazil, Germany, the U.K., and France.
07
i2VPN has allegedly suffered a cybersecurity breach, compromising admin credentials. The hackers also claimed to have gained access to the main admin dashboard, potentially affecting confidential information pertaining to hundreds of thousands of users.
08
The number of newly discovered vulnerabilities hit an all-time high of 25,096 in 2022, with 80% of them being medium or high severity and 16% deemed critical, according to data compiled by Skybox Security.
09
A recent report by Unit 42 found a 910% surge, between November 2022 and April 2023, in monthly registrations of both benign and malicious domains related to ChatGPT.
10
Cybersecurity risk management firm Outpost24 announced the acquisition of External Attack Surface Management (EASM) platform Sweepatic. The terms of the deal remain undisclosed.