Originally published at: https://cloudsek.com/threatintel/phishing-campaign-targets-organizations-in-covid-19-vaccine-cold-chain-russian-hacking-group-uses-dropbox-to-store-malware-stolen-data-and-more/
Round Up of Major Breaches and Scams
IBM’s cyber-security division says that hackers are targeting companies associated with the storage and transportation of COVID-19 vaccines in temperature-controlled environments, also known as the COVID-19 vaccine cold chain.
Suspected North Korean hackers have recently tried to break into at least nine health organizations, including pharmaceutical giant Johnson & Johnson and vaccine developer Novavax Inc, revealing a broader effort to target key players in the race to develop treatments for COVID-19.
An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. Coin mining is typically regarded as a non-critical security issue, so the method allowed the actor to establish persistence and move laterally on the compromised network.
Round Up of Major Malware and Ransomware Incidents
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month’s ransomware attack. E-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC Department Store.
Russian-backed hacking group Turla has used a previously undocumented malware toolset, named Crutch by its authors, to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country.
Round Up of Major Vulnerabilities and Patches
Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data.