Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialThis week: An Iranian APT group carried out a data wiping software supply chain attack globally. Also: GitHub has introduced new security features for its npm repository.
Advanced persistent threat (APT) actors in Iran have been busy launching cyber attacks globally this past year. Now, a new incident has been added to 2022’s laundry list of Iranian-linked attacks. The Hacker News reports that researchers at ESET have been tracking Agrius, an Iranian APT group, and found that since February of 2022, the group has been launching data wiper attacks on diamond industry entities in South Africa, Israel, and Hong Kong.
These wiper attacks were deployed thanks to a software supply chain attack Agrius carried out targeting an Israeli suite developer. By targeting the developer’s software update mechanism, Agruis was then able to target any customer that used the Israeli suite developer. Israel’s victims included HR firms, IT consulting companies, and a diamond wholesaler. In South Africa, a diamond industry entity was targeted, and similarly in Hong Kong, a jeweler was also targeted.
The wiper malware that Agrius used in these incidents is known as Fantasy, and ESET researchers believe the group built it off of a similar wiper known as Apostle, first discovered by researchers at SentinelOne. While Apostle was built with the intention of being a data wiper that masquerades itself as ransomware, Fantasy does not have this purpose. ESET researchers believe that Agrius had the sole intention of Fantasy being only a data wiper, rather than holding ransom against its victims.
Here are the stories we’re paying attention to this week…
"We are excited to announce two new features for a safer npm package ecosystem experience: granular access tokens and the npm code explorer."
Apple launched Advanced Data Protection, a new, optional end-to-end encryption scheme that prevents data in a customer’s iCloud from being decrypted on an “untrusted” device.
State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility.
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit.
Although details about its real-world impact are vague, the Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chrome flaw to its list of Known Exploited Vulnerabilities Catalog. CISA has given government agencies until Dec. 26 to get a patch in place.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free Trial