On to a new year, but it’s still good to review some malware such as APT37 to help us understand more about cybercrimes. APT37 is associated with an attack that embeds macro that uses a VBA self decoding technique to decode itself within the memory spaces of MS Office without writing to the disk. Learn more about it in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

DarkMarket

Malware uses WiFi BSSID for victim identification

Source: ZDNet

The malware was collecting the BSSID and then checking it against a free BSSID-to-geo database. This database is a collection of known BSSIDs and the last geographical location they’ve been spotted at. Read more.

APT37

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

Source: Malwarebytes Labs

The attack embeds macro that uses a VBA self decoding technique to decode itself within the memory spaces of MS Office without writing to the disk. It then embeds a variant of the RokRat into Notepad. Read more.

DarkMarket

It’s Not the Trump Sex Tape, It’s a RAT

Source: Threat Post

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report. Read more.

DarkMarket

Cuban Credit Card Skimming Crew Sentenced to Prison

Source: US Department of Justice

Six Cuban nationals have been sentenced, including the leader of the crew, for conspiracy to commit bank fraud and aggravated identity theft. Read more.

DarkMarket

Cyber-Attack on US Laboratory

Source: Infosecurity Magazine

Apex discovered last month that the cyber-criminals behind the attack had stolen “personal and health information for some patients” and posted it online on their blog. Information believed to have been taken includes patient names, dates of birth, test results, and, for some individuals, Social Security numbers and phone numbers. Read more.

APT37

Amey hit by cyber attack

Source: Construction News

The firm’s systems were hit by what is believed to be a ransomware attack, becoming the latest in a line of companies including Interserve, Bouygues UK and Bam Construct to be targeted by hackers. Read more.

DarkMarket

DARKMARKET: World’s Largest Illegal Dark Web Marketplace Taken Down

Source: Europol

DarkMarket has been taken offline in an international operation. Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved. Read more.

APT37

Hackney council files including alleged passport documents leaked online after cyber attack

Source: Sky News

A cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year. Read more.