HADES RANSOMWARE POTENTIALLY RELATED TO EXCHANGE ATTACKS
March 2021
Security experts have linked the recent Hades ransomware operation to the same state-backed group that was behind the early attacks on Microsoft Exchange servers.
Ransomware group Hafnium is suspected to be behind the Hades ransomware and is responsible for attacks on US shipping giant Forward Air and others. A report from Awake Security claims to have found a domain associated with the Exchange attacks; the domain was used for command-and-control in a Hades attack just before the zero-day Exchange server attacks were discovered. A security researcher at Awake Security has suggested two possibilities: either an advanced threat actor is operating under the guise of Hades, or multiple independent groups coincidentally compromised the same environment because of poor security.
ESET UNCOVERS MALWARE DISGUISED AS CLUBHOUSE APP
March 2021
The ‘BlackRock’ Trojan, uncovered by security researchers at ESET, was found disguised as the ‘Clubhouse’ app, stealing user login information for online services.
The malware poses as a fake version of the drop-in audio chat app Clubhouse. Downloaded from a website designed to mimic the legitimate one, it can steal credentials from over 450 apps and intercept text messages, which lets it bypass SMS-based 2FA for any of the stolen credentials. Additionally, the malicious app asks the victim to enable accessibility services, which would allow the cyber-criminals to effectively take control of the device. An ESET malware researcher stated: “The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website.”
AMERICAN HEALTHCARE PROVIDER TAKES LEGAL ACTION AGAINST AMAZON FOLLOWING BREACH
March 2021
Healthcare provider SalusCare is pursuing legal action against Amazon after its data was allegedly exfiltrated to an Amazon storage account.
At least 85,688 employee and patient records were compromised in a phishing attack in which a threat actor gained access to a Microsoft 365 environment after an employee clicked on a malicious link. Clicking the link triggered malware designed to exfiltrate SalusCare's entire database to two Amazon S3 storage buckets linked to the same AWS account. After being notified of the alleged illegal activity, Amazon froze access to the two S3 buckets believed to have been used in the attack. However, Amazon refused to supply an audit log or a copy of the data stored in the S3 buckets, as the buckets do not belong to SalusCare. As a result, a lawsuit against Amazon has been filed in an attempt to gain access to the audit log and to permanently suspend the alleged attacker’s access to the two S3 buckets.