Weekly Cyber Reports

This Week in Cyber 04th October 2024

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

3rd October, 2024


Analyst Insight

This week, several authorities, including the Irish Data Protection Commission and the National Crime Agency (NCA), announced a wave of sanctions and fines. These actions reflect an ongoing trend of intensified scrutiny of computer misuse, data handling and hacking activity by major organisations, individuals and criminal gangs alike. Additionally, two new cyber security campaigns have emerged: one targeting employers and another focusing on the government and manufacturing sectors.


US, UK and Australian Authorities Announce Sanctions Against Evil Corp Members

The notorious Evil Corp cyber-crime gang has seen 16 of its members sanctioned by Western authorities. According to the NCA, the group was once believed to be the most significant cyber-crime threat in the world. In announcing the sanctions, the authorities revealed the identities of numerous members, showing the extent of this family-run cyber-crime empire. The group's affiliation with the notorious LockBit ransomware gang painted a large target on its back. This latest wave of sanctions is in line with a concerted effort to dismantle ransomware groups at every level.


More_eggs Malware Targets Employers Through Fake Job Applications

Frequent readers of our weekly cyber reports may remember the WARMCOOKIE campaign we covered in one of our June reports. The WARMCOOKIE campaign used phishing emails posing as job opportunities from well-known recruitment companies to deliver a malicious payload. This week, we saw a similar campaign but with the inverse target: rather than going after job seekers, the More_eggs malware campaign has been targeting employers.

Spear phishing is used to target employers who are seeking candidates. The malicious job applications contain a link to a website with a “DOWNLOAD CV” button; this downloads a ZIP file containing a LNK (shortcut) file, which delivers the More_eggs malware, which in turn attempts to exfiltrate the victim’s data.
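As an added defensive illustration (not code from the original report or from any vendor), the following Python snippet inspects a downloaded "CV" archive for the delivery pattern described above: shortcut or executable members, double extensions such as CV.pdf.lnk, and renamed shortcuts identified by the Windows Shell Link header. The sample archive it builds is constructed for the example; the suffix list is an assumed starting point, not a complete one.

```python
import io
import zipfile
from dataclasses import dataclass

# Member types that have no business inside an applicant's "CV" archive (assumed list).
EXECUTABLE_SUFFIXES = {".lnk", ".exe", ".js", ".vbs", ".hta", ".scr", ".bat", ".cmd"}
# Windows Shell Link header: HeaderSize 0x4C followed by the ShellLink CLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


@dataclass
class Finding:
    member: str
    reason: str


def inspect_cv_archive(data: bytes) -> list[Finding]:
    """Flag ZIP members that are shortcuts/executables, by name or by content."""
    findings: list[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [Finding("<archive>", "not a valid ZIP file")]
    for info in zf.infolist():
        if info.is_dir():
            continue
        parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
        suffix = "." + parts[-1] if len(parts) > 1 else ""
        with zf.open(info) as fh:
            head = fh.read(len(LNK_MAGIC))
        if suffix in EXECUTABLE_SUFFIXES:
            reason = f"executable member type {suffix}"
            if len(parts) > 2:  # "CV.pdf.lnk": double extension posing as a document
                reason += f" disguised as .{parts[-2]}"
            findings.append(Finding(info.filename, reason))
        elif head == LNK_MAGIC:
            findings.append(Finding(info.filename, "Shell Link header under a non-.lnk name"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample resembling the described lure: a fake CV shortcut plus decoys."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Candidate_CV.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("portfolio.dat", LNK_MAGIC + b"\x00" * 56)  # renamed shortcut
        zf.writestr("readme.txt", b"Please find my CV attached.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_cv_archive(build_sample_archive()):
        print(f"{f.member}: {f.reason}")
```

In practice the same check sits well in a mail gateway or download proxy, where an archive with any finding is quarantined rather than passed to the hiring team.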


British Man Faces Hacking Charges Over $3.75 Million Insider Trading Plot

Robert Westbrook, a 39-year-old British hacker, faces charges in the United States for his alleged involvement in a $3.75 million insider trading scheme. Prosecutors accuse Westbrook of infiltrating the email accounts of corporate executives at five US companies between January 2019 and May 2020. He allegedly accessed confidential information, which he then exploited for insider trading.

Westbrook was apprehended in London and now awaits extradition to the US, where he will face charges including securities fraud and wire fraud. If convicted, each count of securities fraud and wire fraud carries a maximum prison sentence of 20 years, while each count of computer fraud could add a further five years to his sentence.


Storm-0501: Ransomware Targeting Hybrid Cloud

Microsoft has identified Storm-0501 as a significant threat in hybrid cloud ransomware attacks, targeting sectors such as government, manufacturing, transportation and law enforcement. This financially motivated cyber-criminal group, active since 2021, has evolved from targeting educational entities with Sabbath ransomware to becoming a ransomware-as-a-service (RaaS) affiliate, deploying various ransomware payloads such as Hive, BlackCat and LockBit.

Storm-0501’s multi-stage attack campaigns compromise hybrid cloud environments, moving laterally from on-premises systems into the cloud and leading to data exfiltration, credential theft and ransomware deployment. The group exploits weak credentials, over-privileged accounts and known vulnerabilities in unpatched servers, often buying entry from access brokers such as Storm-0249 and Storm-0900. Its operations include extensive discovery to identify high-value assets and the deployment of remote monitoring tools such as AnyDesk to maintain persistent access.


Meta Fined €91 Million For Storing Passwords in Plaintext


On Sunday, the Data Protection Commission (DPC) in Ireland announced its decision to fine Meta €91 Million (approximately £76 Million) for mishandling sensitive user data. The issue dates back to March 2019, when Meta Platforms Ireland Limited (MPIL) reported to the DPC and to the public that it had inadvertently stored the passwords of social media users in plaintext, meaning without any cryptographic protection (neither hashed nor encrypted).
