Cyber Security News — Past 24 hours | 09.06.2021

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.

Dubbed Operation Ironside, Operation Greenlight, and Operation Trojan Shield, the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.

A Trojan Horse to Trap Crime Syndicates

In controlling the encrypted chat network right from its inception in 2018, ANoM was a cleverly designed trap meant to ensnare domestic and international organized crime syndicates who had previously relied on other platforms to facilitate murders and drug smuggling.

To that end, the FBI recruited a confidential human source, who had previously sold phones from both Phantom Secure and Sky Global to criminal organizations and had “invested a substantial amount of money into the development of a new hardened encrypted device”, to penetrate the crime networks and distribute the devices.

Source —

India’s Finance Software Powerhouse NSE Blown By EpsilonRed Ransomware

Nucleus Software Exports, an Indian financial software company, has suffered a major ransomware attack. The company, which supplies software to Indian banks and retail stores, has had its internal networks severely affected and essential business data encrypted.

According to the latest information, Nucleus Software is a leading provider of banking and financial services software and is also known for its lending and transaction banking consultancy services to the global financial services industry.

Alongside this, NSE published its quarterly report, in which it wrote that the company’s cyber-security research team is working hard to recover its sensitive business credentials and to repair the damaged parts of the system. Meanwhile, the company’s spokesperson reassured customers, saying: “So far as sensitive data is concerned, we’d like to assure our customers that there is NO financial data of any customer available/stored with us and therefore the question of any leakage or loss of client data does not arise”.

UK security firm Sophos first reported on this new strain last month. According to the Sophos report, the EpsilonRed gang picks its victims from unpatched Microsoft Exchange email servers and targets them with the ProxyLogon exploit; after gaining full control of the system, the hackers install a collection of PowerShell scripts that gives them access to the inside of a victim’s network.

Source —

Siloscape: First Known Malware Targeting Windows Containers to Hack Cloud Environments

Using Windows Server in a «Windows container»? Then beware, as it has recently been confirmed that a highly sophisticated malware has been active for over a year.

The cybersecurity researchers at Palo Alto Networks Unit 42 have recently discovered a new malware, known as «Siloscape», which uses Windows containers to access Kubernetes clusters.

Because malware of this kind generally focuses on Linux systems, its targeting of Windows containers is deemed unusual. To connect to the C2 server that the attackers use to control Siloscape, handle data filtering, and issue commands, the malware uses a Tor proxy and an onion domain.

During the investigations, the researchers at Palo Alto Networks Unit 42 identified «23 active victims and a total of 313 victims from the past year».

However, once the operators identified the security experts, they expelled them from the server, and after that detection they also shut down the service running on the onion address.

Source —

Google fixes a critical Android RCE flaw in the System component

Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE tracked as CVE-2021-0507 that could allow an attacker to take over a device.

«The most severe vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.» reads the Android Security Bulletin.

Google also addressed a critical elevation-of-privilege issue in the System component tracked as CVE-2021-0516. The remaining flaws in the System component are rated as high severity.

Google fixed multiple high-severity EoP vulnerabilities in other components, including the Media Framework, the System, and the Kernel.

Google also fixed several high-severity information-disclosure issues for Android, including a local information disclosure tracked as CVE-2021-0521.

The IT giant addressed a total of 43 security flaws in multiple components, including Android runtime, Framework, Media Framework, System, kernel components and Pixel components.

Source —

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
