Category: Africa

West African Financial Institutions Hit by Wave of Attacks Since Mid-2017

A recent report by Symantec security researchers reveals cyber-attacks on West African banks and financial firms, affecting several organizations in Cameroon, Congo (DR), Ghana, Equatorial Guinea, and Ivory Coast. Four different hacking campaigns have been reported since mid-2017, with cybercriminals using low-end, off-the-shelf malware and application tools found on Windows systems (a tactic known as […]

Mia Ash and the Cobalt Gypsy Iranian Threat Group

Cobalt Gypsy, the Iranian threat group believed to be behind the Shamoon and Shamoon2 destructive wiper attacks that rendered 25,000 computers at oil company Saudi Aramco unusable, may be connected to the false online persona “Mia Ash” used in spear phishing campaigns across the Middle East/North Africa (MENA) region. “Mia Ash,” a fictional online […]

NotPetya Ransomware Disrupts Merck Vaccine Production

Merck, a global leader in drug and vaccine production, may be unable to produce hepatitis B vaccines until 2018 because of worldwide production disruptions resulting from the NotPetya ransomware attacks in June. In late June 2017, Merck, one of the “big four” of the world’s leading vaccine producers, reported that its computer systems were affected […]

Global Weekly Executive Summary June 2, 2017

WannaCry Attribution: Security researchers around the world have identified clues linking the global WannaCry cyberattacks to Lazarus Group, a prolific hacking group with suspected ties to North Korea, but is the WannaCry ransomware the work of a nation-state or does it just feel that way? Security researchers studying early versions of WannaCry, including those working […]

1.5 million WordPress Sites Defaced

A security flaw has led to the defacement of more than 1.5 million WordPress sites within the last ten days. WordPress update 4.7.2, released on January 26, quietly included a security fix for a vulnerability that allowed attackers to bypass authentication and alter content on WordPress sites running versions 4.7.0 or 4.7.1. WordPress delayed the […]

Threat Group “Operation Ghoul” Targets Industrial Sectors Around the Globe

Source: http://www.securityweek.com/organizations-30-countries-targeted-operation-ghoul , https://threatpost.com/operation-ghoul-targeting-middle-eastern-industrial-engineering-organizations/119928/ (SecurityWeek, Threatpost) A threat group dubbed Operation Ghoul has been targeting industrial, petrochemical, naval, military, aerospace, solar energy, and other sectors. Their activities can be traced back as far as March 2015, and they have been trying to make a profit by hijacking bank accounts and stealing intellectual property to sell to interested […]

ProjectSauron APT Platform Used to Spy on Government Agencies and Critical Industries

Source: https://www.helpnetsecurity.com/2016/08/09/top-level-cyber-espionage-group/ , https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/ Kaspersky Lab and Symantec researchers have discovered an espionage group that is likely backed by a nation-state. The threat actor was previously known as Strider, but after reviewing modules from the group’s latest attacks, researchers now call it ProjectSauron. Evidence of the group’s activity can be tracked as far back as 2011, and they […]

Banking Trojan BlackMoon Steals Credentials From Over 100,000 South Koreans

Source: http://news.softpedia.com/news/blackmoon-banking-trojan-infected-over-160-000-south-koreans-506512.shtml , https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Trojan BlackMoon is a banking trojan that has already infected 110,130 victims worldwide and 108,850 in South Korea. According to Fortinet, between May 10, 2016 and July 19, 2016 the criminals were able to gain an additional 62,659 new victims (61,255 of them being from South Korea). It was first discovered in 2014, and uses […]

India-Linked Threat Actor Targets Military, Political Entities Worldwide

Source: http://www.securityweek.com/india-linked-threat-actor-targets-military-political-entities-worldwide A new threat actor known as Patchwork has been targeting victims worldwide since 2014. The group has infected an estimated 2,500 victims since December 2015. Researchers at Cymmetria say that the group has mainly focused on personnel working on military and political assignments. The threat was detected during a spear phishing attack […]

Criminals Stole $12.7 Million from ATMs in Japan

Source: https://www.helpnetsecurity.com/2016/05/23/criminals-stole-millions-atm-japan/ A group of over 100 people executed over 14,000 fraudulent ATM withdrawals that netted them about 1.44 billion yen. The group went to various ATMs around Tokyo making withdrawals using forged payment cards. It was eventually disclosed that these cards were forged based on data about credit cards issued by an unnamed bank […]