In the last two weeks of June, we saw the Japanese multinational conglomerate Fujifilm refuse to pay a ransom demand to the cyber gang that attacked its network in Japan. “Fujifilm Corporation in Tokyo does not comment on the demand but I can confirm we have not paid any ransom,” the Fujifilm spokesperson said.


For more articles, check out our #onpatrol4malware blog.

Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

Source: Palo Alto Networks

In March 2021, I uncovered the first known malware targeting Windows containers, a development that is not surprising given the massive surge in cloud adoption over the past few years. Read more.

Fujifilm refuses to pay ransomware demand, restores network from backups

Source: Verdict

Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan last week and is instead relying on backups to restore operations. Read more.

Deep Dive into BlackCocaine Ransomware

Source: Cybleinc

On May 30, 2021, Nucleus Software, an India-based IT company in the Banking and Financial Services sector, noted a breach on its servers. The company has reported this incident to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India. Read more.

SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor

Source: Secureworks

Check Point Research identified an ongoing surveillance operation targeting a Southeast Asian government. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities. Read more.

New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions

Source: Bleeping Computer

The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC). Read more.

From Wiper to Ransomware | The Evolution of Agrius

Source: Sentinel Labs

A new threat actor that SentinelLabs tracks as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers. Read more.

Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

Source: FireEye

On April 20, 2021, Mandiant published detailed results of our investigations into Pulse Secure devices compromised by suspected Chinese espionage operators. Read more.

BackdoorDiplomacy: Upgrading from Quarian to Turian

Source: WeLiveSecurity

An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. Read more.