CyberIntelMag's Threat report

Weekly Cyber Threat Report, June 7-June 11

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, we’ve learned about arrests of TrickBot gang members, new details about Colonial Pipeline, and more.

  • The US Department of Justice has announced charges against a Latvian woman for writing code for TrickBot’s malware, which resulted in infecting millions of devices with malware. More gang members arrested.
  • After owners of the Colonial Pipeline paid a $4.4M ransom to the DarkSide, the US Department of Justice recovered the majority of the funds by seizing attackers’ cryptocurrency wallets.
  • The former executive of Securolytics network security company was charged with conducting a cyberattack on a hospital in Georgia, USA. Vikas Singla allegedly hacked into a health provider’s network and phone service Ascom in 2018 “for purpose of commercial advantage and private financial gain.”

From the bad news:

This week has brought reports about attacks on EA, iConstituent, Volkswagen, Audi, McDonald’s, and another US pipeline, new malware and vulnerabilities, and other important stories you can’t miss.

  • Russian hackers working on behalf of the country’s intelligence service hacked the network of the Dutch police in 2017. The attack took place during the country’s investigation of the MH-17 crash. The breach was kept secret by Dutch authorities until a report published in a Dutch newspaper, the Volkskrant, this week.
  • On Friday, some hackers accessed McDonald’s customers’ email addresses and phone numbers, but the hack did not compromise customer payment data. The fast-food giant McDonald’s said that the breach, which happened in South Korea and Taiwan, affected some of its customers and employees.
  • The biggest ever password compilation, dubbed RockYou2021, was posted on a popular hacker forum; it contains over 8.4 billion passwords.
  • Volkswagen, Audi, and other automakers have suffered a data breach involving 3.3 million customers that resulted from a vendor exposing unsecured data on the Internet.
  • Another pipeline company in the US was attacked in the same month. A hacker stole over 70GB of data, including employee Social Security cards. The massive amount of data stolen from LineStar Integrity, a pipeline’s partner, was leaked by a Chinese hacking group called the Xing team.
  • The Cofense Phishing Defense Center has observed a new campaign spoofing a major brand using the Linktree platform that hosted the redirect link to the phishing page. The attackers mimicked the Microsoft login page. In the past, attackers faked such big brands as PayPal and the United States Postal Service. 
  • Hackers broke into the servers of Electronic Arts and stole massive amounts of data. The hackers stole around 750 GB, including game source code.
  • A new APT group, which was dubbed by ESET as BackdoorDiplomacy, targeted foreign ministries in various countries in Africa and the Middle East. 
  • DarkSide gang that conducted the Colonial Pipeline attack last month crippled the pipeline’s network using a password from a compromised VPN account. Hackers gained access to the company’s networks through a remote access account on April 29. The leaked password was unused but active during the time of the attack.
  • U.S. Cyber Command (CISA) warned on Saturday about attackers exploiting a flaw in the software used by VMware to manage virtual machines. The flaw can allow an attacker to execute code remotely. Security fixes are available since May 25.
  • The number of ransomware attacks on schools and universities is on the rise, warned the UK’s national cybersecurity center. Late May – early June period had seen an increase in incidents related to assignments and exams.
  • Emsisoft and ID Ransomware attributed the new ransomware nicknamed PayloadBIN to Evil Corp after it tried to impersonate another ransomware gang in an attempt to evade US sanctions.
  • iConstituent, a US government’s platform, which enables local politicians and residents to communicate, was hit by ransomware on Tuesday. Several state and local governments in the US use the platform.
  • Security researchers at Palo Alto Networks researchers discovered a new kind of malware that compromises Windows containers and Kubernetes clusters. The malware is unusual as it doesn’t target traditional Linux distributions.
  • A hacker group called EpsilonRed broke into the networks of India’s financial software giant Nucleus Software Exports. The company said to financial regulators it did not store sensitive data.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.