On to a new year, but it’s still worth reviewing threat activity such as that of APT37 to understand more about cybercrime. APT37, a North Korean threat group, is associated with an attack that embeds a macro using a VBA self-decoding technique: the macro decodes itself within the memory space of MS Office without writing anything to disk. Learn more about it in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
Malware uses WiFi BSSID for victim identification
Source: ZDNet
The malware collected the victim’s WiFi BSSID (the MAC address of the access point the machine is connected to) and checked it against a free BSSID-to-geolocation database, a collection of known BSSIDs and the last geographical location at which each was spotted. Read more.
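As an added illustration of the technique described above (this is not code from the article or from the malware it covers): a Python sketch of the victim-identification gate, assuming the BSSID is harvested from `netsh wlan show interfaces` output (the summary here does not say how the real sample obtained it). The netsh dumps, the geo table (`BSSID_GEO_DB`) and the target-country list are all constructed for the example.

```python
import re

# Constructed sample of `netsh wlan show interfaces` output; not captured from
# any real host. The BSSID line carries the MAC address of the access point the
# machine is associated with, which is the value the malware harvested.
SAMPLE_NETSH_OUTPUT = """\
There is 1 interface on the system:

    Name                   : Wi-Fi
    Description            : Example Wireless Adapter
    Physical address       : 00:11:22:33:44:55
    State                  : connected
    SSID                   : CoffeeShopGuest
    BSSID                  : 00:1A:2B:3C:4D:5E
    Network type           : Infrastructure
"""

# Same command on a host whose adapter is not associated with any AP: there is
# no BSSID line at all, so the lookup has to cope with "nothing found".
SAMPLE_NETSH_DISCONNECTED = """\
There is 1 interface on the system:

    Name                   : Wi-Fi
    Physical address       : 00:11:22:33:44:55
    State                  : disconnected
"""

# Constructed stand-in for the free BSSID-to-geo database the article mentions;
# the real ones are queried over HTTP, this is an in-memory table so the example
# runs offline. Keys are in canonical form (see normalize_bssid).
BSSID_GEO_DB = {
    "00:1a:2b:3c:4d:5e": {"country": "KR", "lat": 37.566, "lon": 126.978},
    "aa:bb:cc:dd:ee:ff": {"country": "US", "lat": 37.422, "lon": -122.084},
}

# Hypothetical targeting list; the article does not say which regions the real
# campaign was interested in.
TARGET_COUNTRIES = {"KR", "JP"}

# Only the line labelled BSSID, so the adapter's own "Physical address" line
# (also a MAC) is not mistaken for the access point.
BSSID_LINE = re.compile(
    r"^\s*BSSID\s*:\s*([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\s*$", re.MULTILINE
)


def normalize_bssid(raw):
    """Canonical form: six lower-case hex pairs joined by ':'.

    netsh prints upper-case with ':' separators, other tools use '-' or
    lower-case; database keys must be compared in exactly one form.
    """
    pairs = re.split(r"[:-]", raw.strip())
    if len(pairs) != 6 or any(len(p) != 2 for p in pairs):
        raise ValueError("not a MAC address: %r" % raw)
    return ":".join(p.lower() for p in pairs)


def extract_bssids(netsh_text):
    """All BSSIDs found in a `netsh wlan show interfaces` dump, canonicalised."""
    return [normalize_bssid(m) for m in BSSID_LINE.findall(netsh_text)]


def locate_victim(netsh_text, geo_db=BSSID_GEO_DB):
    """(bssid, country) for the first BSSID the database knows, else (None, None)."""
    for bssid in extract_bssids(netsh_text):
        hit = geo_db.get(bssid)
        if hit:
            return bssid, hit["country"]
    return None, None


def is_target(netsh_text, targets=TARGET_COUNTRIES):
    """The gate: proceed only when the access point geolocates to a target region."""
    _, country = locate_victim(netsh_text)
    return country in targets


if __name__ == "__main__":
    print(locate_victim(SAMPLE_NETSH_OUTPUT))    # ('00:1a:2b:3c:4d:5e', 'KR')
    print(is_target(SAMPLE_NETSH_OUTPUT))        # True
    print(is_target(SAMPLE_NETSH_DISCONNECTED))  # False
```

Two points a defender can take from the sketch: a disconnected or wired host yields no BSSID at all, so a sample that relies on this check may simply do nothing in a sandbox with no WiFi adapter, and the observable artefacts are a `netsh wlan show interfaces` child process spawned by something that is not a network tool, followed by an outbound lookup to a BSSID geolocation service.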
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
Source: Malwarebytes Labs
The attack embeds a macro that uses a VBA self-decoding technique to decode itself within the memory space of MS Office without writing anything to disk. It then injects a variant of RokRat into Notepad. Read more.
It’s Not the Trump Sex Tape, It’s a RAT
Source: Threat Post
Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report. Read more.
Cuban Credit Card Skimming Crew Sentenced to Prison
Source: US Department of Justice
Six Cuban nationals have been sentenced, including the leader of the crew, for conspiracy to commit bank fraud and aggravated identity theft. Read more.
Cyber-Attack on US Laboratory
Source: Infosecurity Magazine
Apex Laboratory discovered last month that the cyber-criminals behind the attack had stolen “personal and health information for some patients” and posted it on their blog. Information believed to have been taken includes patient names, dates of birth, test results and, for some individuals, Social Security numbers and phone numbers. Read more.
Amey hit by cyber attack
Source: Construction News
The firm’s systems were hit by what is believed to be a ransomware attack, becoming the latest in a line of companies including Interserve, Bouygues UK and Bam Construct to be targeted by hackers. Read more.
DARKMARKET: World’s Largest Illegal Dark Web Marketplace Taken Down
Source: Europol
DarkMarket has been taken offline in an international operation. Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved. Read more.
Hackney council files including alleged passport documents leaked online after cyber attack
Source: Sky News
A cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year. Read more.