Articles from the last couple of weeks report cyber threats targeting the electric utility industry and Russian hackers boring into a Ukrainian gas company. And with the events in and around Iran, there was concern that widespread cyber attacks could follow.

For more articles, check out our #onpatrol4malware blog.


Operation AppleJeus Sequel

Source: Secure List

In 2018, Kaspersky published a report on one of Lazarus’ campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users. Read more.


Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

Source: SentinelLabs

The TrickBot cybercrime enterprise actively develops many of its own offensive tools, such as “PowerTrick”, a fileless PowerShell backdoor built for stealth on high-value targets. Read more.


SAIGON, the Mysterious Ursnif Fork

Source: FireEye

Ursnif (aka Gozi/Gozi-ISFB) is one of the oldest banking malware families still in active distribution. Read more.


North American Electric Cyber Threat Perspective

Source: Dragos

The electric utility industry is a valuable target for adversaries seeking to exploit ICS and OT for a variety of purposes. Read more.


Russians Hacked Ukrainian Gas Company at Center of Impeachment

Source: The New York Times

With President Trump facing an impeachment trial, Russian military hackers have been boring into the Ukrainian gas company at the center of the affair, according to security experts. Read more.


DeathRansom Part II: Attribution

Source: Fortinet

In this second part, FortiGuard Labs sheds light on how the DeathRansom campaign is connected with other campaigns, and who might be behind them. Read more.


Assessing Iran’s Digital Attack Capabilities

Source: Zerofox

There has been increased speculation and tension surrounding the potential cyber-attacks directed towards the US and its allies. Read more.


Satan ransomware rebrands as 5ss5c ransomware

Source: Blaze

The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named “5ss5c”. Read more.


Hainan Xiandun Technology Company is APT40

Source: Intrusion Truth

Intrusion Truth identified a constellation of front companies for APT activity in Hainan and a computer science specialist at Hainan University who is linked to one of the companies. Read more.


Emotet remains the dark market leader for delivery-as-a-service

Source: Help Net Security

The vast majority of nationally sponsored cybersecurity incidents take the form of espionage through data exfiltration, frequently using the PlugX remote access tool, according to the annual threat report by eSentire. Read more.


Iran and Not Iran: What Our Threat Monitoring Indicates

Source: Team Cymru

We now have a moment to assess the cyber actions in the wake of events in and around Iran. There was concern that the Iranian regime would respond with widespread cyber attacks. Read more.


Beware of this sneaky phishing technique now being used in more attacks

Source: ZDNet

There’s been a large rise in cyber criminals using a particular phishing technique to trick workers into unwittingly installing malware, transferring money or handing over their login credentials. Read more.


Uncle Sam compensates you for data leaks (yeah, right)

Source: Kaspersky

Data leaks of all sorts regularly crop up in the news, and recently so have fines, some potentially reaching into the billions, slapped on the companies responsible. Read more.


CVE-2020-0601 AKA ChainOfFools OR CurveBall

Source: GitHub Gist

Microsoft disclosed a vulnerability, CVE-2020-0601, in its January 2020 Patch Tuesday release. The flaw was reported to Microsoft by the U.S. National Security Agency, which published its own cybersecurity advisory alongside Microsoft's blog post and official security advisory. Read more.
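CVE-2020-0601 is a flaw in the way Windows CryptoAPI (crypt32.dll) validates ECC certificates: a certificate whose key carries explicit curve parameters (a specifiedCurve SEQUENCE rather than a namedCurve OID) can be crafted so that its public key matches a trusted CA's key while the attacker holds the private key for a different generator. The check a defender most wants at triage time is therefore "does any certificate in this chain use explicit EC parameters?". The block below is an added example, not code from the linked gist or from Microsoft: it is a minimal DER walker with constructed sample SubjectPublicKeyInfo blobs built inline. The helper names (`der_encode`, `der_read`, `classify_spki`, `build_spki`) are hypothetical, and the numeric curve values in the explicit sample are placeholders rather than P-256's real parameters.

```python
# Added example: flag EC SubjectPublicKeyInfo structures that carry explicit
# (specifiedCurve) parameters instead of a namedCurve OID. Certificates that
# exploit CVE-2020-0601 must use the explicit form, so this is a cheap triage
# check to run over certificates seen on the wire or in a local store.

OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # 1.2.840.10045.2.1 id-ecPublicKey
OID_SECP256R1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7 prime256v1
OID_PRIME_FIELD = bytes.fromhex("2a8648ce3d0101")    # 1.2.840.10045.1.1 prime-field
OID_RSA = bytes.fromhex("2a864886f70d010101")        # 1.2.840.113549.1.1.1 rsaEncryption

TAG_INTEGER, TAG_BITSTRING, TAG_OCTET, TAG_OID, TAG_SEQUENCE = 0x02, 0x03, 0x04, 0x06, 0x30


def der_encode(tag, value):
    """Encode one DER TLV with a definite (short or long form) length."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    length = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + value


def der_read(data, i=0):
    """Decode the TLV at data[i]; return (tag, value, index just after the TLV)."""
    tag = data[i]
    first = data[i + 1]
    if first < 0x80:
        length, start = first, i + 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(data[i + 2:i + 2 + n], "big"), i + 2 + n
    return tag, data[start:start + length], start + length


def classify_spki(spki):
    """Return 'named', 'explicit', 'not-ec' or 'other' for a DER SubjectPublicKeyInfo.

    SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
    AlgorithmIdentifier  ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    For id-ecPublicKey the parameters are ECParameters, a CHOICE between a
    namedCurve OID (tag 0x06) and a specifiedCurve SEQUENCE (tag 0x30).
    RFC 5480 forbids the specifiedCurve form in PKIX, so 'explicit' is a finding.
    """
    tag, body, _ = der_read(spki)
    if tag != TAG_SEQUENCE:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg_id, _ = der_read(body)
    if tag != TAG_SEQUENCE:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, next_i = der_read(alg_id)
    if tag != TAG_OID or oid != OID_EC_PUBLIC_KEY:
        return "not-ec"
    if next_i >= len(alg_id):
        return "other"  # parameters absent; invalid for id-ecPublicKey in X.509
    param_tag, _, _ = der_read(alg_id, next_i)
    if param_tag == TAG_OID:
        return "named"
    if param_tag == TAG_SEQUENCE:
        return "explicit"
    return "other"


def build_spki(parameters, point=b"\x04" + b"\x11" * 64):
    """Build an id-ecPublicKey SubjectPublicKeyInfo around the given DER parameters.
    The point bytes are a constructed placeholder, not a real P-256 public key."""
    alg_id = der_encode(TAG_SEQUENCE, der_encode(TAG_OID, OID_EC_PUBLIC_KEY) + parameters)
    public_key = der_encode(TAG_BITSTRING, b"\x00" + point)  # 0 unused bits
    return der_encode(TAG_SEQUENCE, alg_id + public_key)


# Constructed samples. The first is what a legitimate P-256 certificate carries.
NAMED_SPKI = build_spki(der_encode(TAG_OID, OID_SECP256R1))

# SpecifiedECDomain ::= SEQUENCE { version INTEGER, fieldID SEQUENCE, curve SEQUENCE
#   { a OCTET STRING, b OCTET STRING }, base OCTET STRING, order INTEGER, cofactor INTEGER }
# Values are placeholders; a CurveBall certificate carries a real prime and an
# attacker-chosen base point that makes the public key equal a trusted CA's key.
EXPLICIT_PARAMS = der_encode(TAG_SEQUENCE,
    der_encode(TAG_INTEGER, b"\x01")
    + der_encode(TAG_SEQUENCE, der_encode(TAG_OID, OID_PRIME_FIELD) + der_encode(TAG_INTEGER, b"\x00\xff"))
    + der_encode(TAG_SEQUENCE, der_encode(TAG_OCTET, b"\x01") + der_encode(TAG_OCTET, b"\x07"))
    + der_encode(TAG_OCTET, b"\x04" + b"\x22" * 64)
    + der_encode(TAG_INTEGER, b"\x00\xfd")
    + der_encode(TAG_INTEGER, b"\x01"))
EXPLICIT_SPKI = build_spki(EXPLICIT_PARAMS)

# An RSA key with NULL parameters, to show non-EC keys are passed over.
RSA_SPKI = der_encode(TAG_SEQUENCE,
    der_encode(TAG_SEQUENCE, der_encode(TAG_OID, OID_RSA) + b"\x05\x00")
    + der_encode(TAG_BITSTRING, b"\x00" + b"\x30\x03\x02\x01\x03"))


def triage(spkis):
    """Return the indices of SubjectPublicKeyInfo blobs that use explicit EC parameters."""
    return [i for i, s in enumerate(spkis) if classify_spki(s) == "explicit"]


if __name__ == "__main__":
    for name, spki in [("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI), ("rsa", RSA_SPKI)]:
        print(f"{name:9s} -> {classify_spki(spki)}")
    print("flagged:", triage([NAMED_SPKI, EXPLICIT_SPKI, RSA_SPKI]))
```

To apply this to real certificates, extract the DER SubjectPublicKeyInfo from each certificate in a chain (any X.509 library exposes it) and feed it to `classify_spki`; a trusted chain should never contain an `explicit` result. Patched Windows hosts additionally log an Audit-CVE event when CryptoAPI rejects such a certificate, which is the complementary host-side signal.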


Comparative Analysis of New ZeroCleare Variant, Dustman

Source: IBM X-Force Exchange

A new wiper malware called Dustman was identified by Saudi Arabia’s National Cybersecurity Authority (NCA) and is believed to be a variant of the ZeroCleare malware identified by X-Force IRIS earlier in 2019. Read more.


Deep Dive into the Lyceum Danbot Malware

Source: CyberX

LYCEUM is a threat group first identified by Dell SecureWorks, which appears to be interested in organizations that operate ICS, such as oil and gas companies in the Middle East. Read more.