Metacurity


ToddyCat Threat Group Is Targeting Microsoft Exchange Servers in Asia and Europe

Police bust nine in the Netherlands for phishing, fraud, and scams, Ukraine CERT exposes two new hacking campaigns, Delivery company Yodel impacted by 'cyber incident,' much more

Cynthia Brumfield
Jun 22, 2022


Researchers at Kaspersky Lab discovered that an advanced persistent threat (APT) group, ToddyCat, has been targeting Microsoft Exchange servers throughout Asia and Europe for over a year, since at least December 2020.

While tracking the group, the researchers also found a previously unknown passive backdoor they named Samurai and a new trojan dubbed Ninja Trojan, both of which let the attackers take control of infected systems and move laterally within the victims' networks. ESET had already been tracking the same group as a cluster of activity it dubbed Websiic, starting in March 2021. (Sergiu Gatlan / Bleeping Computer)

Related: Dark Reading, Decipher, Reddit - cybersecurity, Security Affairs, Infosecurity Magazine, The Hacker News, CSO Online, Securelist

A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police (Politie), dismantled an organized crime group engaged in phishing, fraud, scams, and money laundering, and resulted in the arrest of nine people in the Netherlands.

Europol confirmed that the group typically contacted victims through email, text messages, and mobile messaging applications. The group allegedly used money mules to get the money out of victim accounts, and some gang members are reportedly connected to drug and firearm trafficking. (Jonathan Greig / The Record)

Related: Europol, Politie, The Hacker News

Officials with the Computer Emergency Response Team of Ukraine (CERT-UA) exposed two new hacking campaigns against targets in the country this week, one using a phony tax collection document purportedly sent by the national tax agency and the other using a malicious document that discussed the threat of nuclear attack from Russia.

CERT-UA warned of a malicious Microsoft Word document titled “Imposition of penalties” distributed by email purporting to come from the State Tax Service of Ukraine. If opened, the document attempts to load a Cobalt Strike Beacon, which gives the attacker remote access to the compromised system. CERT-UA attributed the other attack, which used a malicious document about the threat of a Russian nuclear attack to launch the CredoMap malware, to the Russian group APT28, also known as Fancy Bear. (AJ Vicens / Cyberscoop)

Related: Bloomberg, CERT.gov.ua, CIP.gov.ua, CERT.gov.ua, Bleeping Computer

Delivery company Yodel is experiencing service delays because of what it describes as a "cyber incident" affecting customer services and parcel tracking. 

Craft beer retailer Beer Hawk uses Yodel to distribute deliveries and is one of the customers affected by the incident. "Yodel is currently experiencing service delays due to a system-wide outage," according to an update on Beer Hawk's website, which says the issues have been affecting their deliveries since at least Monday.  (Danny Palmer / ZDNet)

Related: Techmonitor, The Tech Outlook, Macworld, IT PRO, Bleeping Computer, Heimdal Security Blog, SecureReading, The Sun, Infosecurity Magazine, The Register - Security, Beer Hawk, Computing, Liverpool Echo

Adam Smith (@Adam_Smith_PHD), June 21st 2022:
Anyone expecting a package via Yodel? Seems that since this weekend @YodelOnline has gone dark. No tracking, no customer services, no updates. Have they gone bust?

Researchers at Minerva Labs found that Adobe Acrobat is blocking the DLLs that security products inject into its processes, leaving those products without visibility into the PDF files Acrobat opens and creating a security risk for users.

Adobe confirmed that users have reported issues because DLLs injected by some security products (to inspect file contents for malware) are incompatible with Acrobat’s use of the CEF (Chromium Embedded Framework) library. The company said it is working with these vendors to address the problem and “to ensure proper functionality with Acrobat's CEF sandbox design going forward.” (Ionut Ilascu / Bleeping Computer)

Related: Slashdot, Minerva Labs

Yuriy Kurmaz, CEO of Ukrtelecom, one of Ukraine’s leading internet and phone providers, said his employees decided to sabotage equipment rather than hand control to Russia in occupied territories.

Instead of giving Russians control, the company’s employees decided to delete crucial files from computers. Russian forces had attempted to seize parts of the telecom’s network by using a combination of hacking and physical intimidation. (Ryan Gallagher / Bloomberg)

Andrew Martin (@ajmartinny), June 21st 2022:
Wild story by @rj_gallagher about Ukrainian telecom employees sabotaging their own equipment so Russia can't take it over (bloomberg.com)

Representative Sara Jacobs (D-CA) and Senators Mazie Hirono (D-HI) and Ron Wyden (D-OR) introduced the My Body, My Data Act, legislation that would bar companies from retaining data about users’ reproductive health without consent.

The bill would also give people the power to demand companies disclose and delete the data, as well as the power to sue companies for violations of the law. (Rebecca Klar / The Hill)

Related: EFF

A tracking tool installed on many hospitals’ websites has been collecting patients’ sensitive health information, including details about their medical conditions, prescriptions, and doctor’s appointments, and sending it to Facebook.

The Markup tested the websites of Newsweek’s top 100 hospitals in America and found the tracker, called Meta Pixel, on thirty-three of them. Whenever a person clicked a button to schedule a doctor’s appointment, the tracker sent Facebook a packet of data tied to the visitor's IP address. Former regulators, health data security experts, and privacy advocates who reviewed The Markup’s findings said the hospitals in question may have violated the federal Health Insurance Portability and Accountability Act (HIPAA).

In a statement, a Facebook spokesperson said, “If Meta’s signals filtering systems detect that a business is sending potentially sensitive health data from their app or website through their use of Meta Business Tools, which in some cases can happen in error, that potentially sensitive data will be removed before it can be stored in our ads systems.” (Todd Feathers, Simon Fondrie-Teitler, Angie Waller, and Surya Mattu / The Markup)

Related: S.C. Magazine, GovInfoSecurity.com, STAT
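
A check practitioners can run against their own sites, added here as an example and not part of The Markup's reporting or tooling: scan a page's HTML for the Meta Pixel loader script (fbevents.js), the fbq('init') call that carries the pixel ID, the noscript image beacon to facebook.com/tr, and any fbq('track') events, such as the standard 'Schedule' event that a "schedule an appointment" button would typically fire. The sample page below is constructed for illustration, and the pixel ID in it is made up.

```javascript
// Added example (not The Markup's tooling): static scan of page HTML for Meta Pixel markers.

// Markers that the standard Meta Pixel base code leaves in a page.
const PIXEL_LOADER = /connect\.facebook\.net\/[a-z]{2}_[A-Z]{2}\/fbevents\.js/;
const FBQ_CALL = /fbq\(\s*['"](init|track|trackCustom)['"]\s*,\s*['"]([^'"]+)['"]/g;
const IMG_BEACON = /https?:\/\/www\.facebook\.com\/tr\?[^"'\s]*\bid=(\d+)/g;

// Constructed sample: a hospital-style booking page with the pixel installed.
// The pixel ID 123456789012345 is made up.
const SAMPLE_HTML = `<!doctype html><html><head>
<script>
!function(f,b,e,v,n,t,s){/* pixel loader, abbreviated */}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '123456789012345');
fbq('track', 'PageView');
</script>
<noscript><img height="1" width="1" style="display:none"
 src="https://www.facebook.com/tr?id=123456789012345&ev=PageView&noscript=1"/></noscript>
</head><body>
<h1>Book a visit</h1>
<button onclick="fbq('track', 'Schedule'); location.href='/book'">Schedule an appointment</button>
</body></html>`;

// Scan raw HTML and report what the pixel is configured to send.
function scanForMetaPixel(html) {
  const pixelIds = new Set();
  const events = [];
  for (const m of html.matchAll(FBQ_CALL)) {
    if (m[1] === 'init') pixelIds.add(m[2]);      // fbq('init', '<pixel id>')
    else events.push({ kind: m[1], name: m[2] }); // fbq('track', 'Schedule'), etc.
  }
  for (const m of html.matchAll(IMG_BEACON)) pixelIds.add(m[1]); // noscript fallback beacon
  const loaderPresent = PIXEL_LOADER.test(html);
  return {
    loaderPresent,
    pixelIds: [...pixelIds],
    events,
    detected: loaderPresent || pixelIds.size > 0,
  };
}

// Events that encode a visitor action (booking, form submission) rather than a page load;
// these are the ones worth reviewing against HIPAA and the site's privacy notice.
function appointmentEvents(scan) {
  return scan.events.filter((e) => e.name !== 'PageView').map((e) => e.name);
}

console.log(JSON.stringify(scanForMetaPixel(SAMPLE_HTML), null, 2));
console.log('action events:', appointmentEvents(scanForMetaPixel(SAMPLE_HTML)));
```

Save the block as scan.js and run it with node. A static scan only catches markers present in the delivered HTML; a pixel injected by a tag manager after page load will be missed, so pair this with a look at the browser's network log for requests to www.facebook.com/tr and check which query parameters (event name, custom data) ride along with them.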

China’s ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known, with phone tracking devices everywhere, massive DNA databases, and facial and voice recognition technology used against the general population.

An extensive investigation by the New York Times Visual Investigations team and reporters in Asia found that, among other things, Chinese police analyze human behaviors to ensure facial recognition cameras capture as much activity as possible, authorities are using phone trackers to link people’s digital lives to their physical movements, and DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. (Isabelle Qian, Muyi Xiao, Paul Mozur, and Alexander Cardia / New York Times)

World Uyghur Congress (@UyghurCongress), June 22nd 2022:
A @nytimes analysis of over 100,000 Chinese government documents uncovers its invasive use of surveillance technology. This system is also built to specifically target #Uyghurs, with phone trackers being used to detect Uyghur-to-Chinese dictionary apps.
Linked: "Four Takeaways From a Times Investigation Into China’s Expanding Surveillance State" (nytimes.com): Times reporters spent over a year combing through government bidding documents that reveal the country’s technological road map to ensure the longevity of its authoritarian rule.

Russia’s failure so far to gain the upper hand in cyber conflict is a consequence of a quiet partnership of the world’s biggest technology companies, U.S. and NATO intelligence agencies, and Ukraine’s own army of hackers.

Despite a volley of destructive cyberattacks by Russia, including one aimed at satellite provider Viasat, Ukraine, working with private tech companies, Western intelligence, and its expert software engineers, has quickly fixed most of the damage. Moreover, the close partnerships between U.S. technology companies and Western cybersecurity agencies are one of the unheralded stories of the war. (David Ignatius / Washington Post)

thaddeus e. grugq 🌻 (@thegrugq), June 22nd 2022:
Curious why the Russian cybers have been so weak? Wonder no more! - public private partnerships - information sharing - the power of friendship Read all about it:
Linked: "Opinion | How Russia’s vaunted cyber capabilities were frustrated in Ukraine" (washingtonpost.com): Big Tech, Western intelligence and a homegrown army of Ukrainian hackers pull off one of the biggest surprises of the war.

Threat intelligence company Cyberint has raised $40 million in a venture capital funding round.

StageOne Late Stage Arm, Neva SGR, and Viola Growth led the round with the participation of all existing investors. (Abiola Ayodele / Venture Beat)

Related: VentureBeat, Security Week, NoCamels, FinSMEs

Image from Microsoft Office team, Public domain, via Wikimedia Commons

© 2022 DCT Associates