Russian APT Nobelium Targets NATO Allies in Europe
Polish CERT (CERT Polska) and Poland's Military Counterintelligence Service recently revealed that the Russian APT group Nobelium is actively targeting European government agencies and diplomats, particularly in NATO and EU member states, for their intelligence on the war in Ukraine. The hackers use spear-phishing emails disguised as invitations from European embassies to lure recipients into opening details about an upcoming event. The malware is concealed in what appears to be a calendar invite or meeting agenda, delivered as a disk image file; once the user opens it, the payload executes and loads further Nobelium tooling. To mitigate the threat, Polish CERT recommends blocking the mounting of disk image files on endpoints and enabling software restriction policies so that executables dropped by such lures cannot run.
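The mount-blocking mitigation above can be applied on Windows endpoints by hiding the Explorer "Mount" verb for disk image file types, so a double-click on a phished image no longer attaches it as a drive. The following is an added example, not code from CERT Polska's advisory; it assumes an elevated PowerShell session on Windows 10/11 and relies on the Windows.IsoFile and Windows.VhdFile ProgIDs that Explorer uses for .iso/.img and .vhd/.vhdx files.

```powershell
# Added example (not from the CERT Polska advisory): disable user-driven mounting of
# disk image files by marking the Explorer "mount" verb as programmatic-only.
# Assumes an elevated session; HKCR is not mapped as a drive by default, so map it.
$ErrorActionPreference = 'Stop'
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Windows.IsoFile backs .iso and .img; Windows.VhdFile backs .vhd and .vhdx.
$imageProgIds = 'Windows.IsoFile', 'Windows.VhdFile'

foreach ($progId in $imageProgIds) {
    $mountVerb = "HKCR:\$progId\shell\mount"
    if (-not (Test-Path $mountVerb)) {
        Write-Warning "No mount verb found for $progId; nothing to change"
        continue
    }
    # An empty ProgrammaticAccessOnly string hides the verb from the context menu and
    # from double-click. Mount-DiskImage still works for administrators who need it.
    New-ItemProperty -Path $mountVerb -Name 'ProgrammaticAccessOnly' `
        -Value '' -PropertyType String -Force | Out-Null
    Write-Host "Explorer mount disabled for $progId"
}

# Verify: each verb key should now carry the ProgrammaticAccessOnly value.
foreach ($progId in $imageProgIds) {
    $mountVerb = "HKCR:\$progId\shell\mount"
    if (Test-Path $mountVerb) {
        $props = Get-ItemProperty -Path $mountVerb
        $state = if ($null -ne $props.ProgrammaticAccessOnly) { 'blocked' } else { 'still enabled' }
        Write-Host ("{0}: user mounting {1}" -f $progId, $state)
    }
}
```

Roll this out through Group Policy Preferences or a configuration-management tool rather than by hand, and pair it with the advisory's second recommendation: a Software Restriction Policy or AppLocker rule that denies execution from user-writable and removable locations, since the image file is only the container for the payload.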
Emerging Ransomware Threat: Read The Manual (RTM) Locker
Trellix, a cybersecurity firm, has reported on the emergence of Read The Manual (RTM) Locker as a private ransomware-as-a-service (RaaS) operation. RTM Locker, known for keeping a low profile, carries out opportunistic attacks to generate illicit profits. The group started in 2015 as a banking malware operation but has since evolved to deploy ransomware payloads on compromised hosts. Researchers anticipate that cybercrime groups will continue to develop new tactics and methods to avoid detection.
Tracing the Leak of US Pentagon Documents
Aric Toler from Bellingcat traced the leak of Top Secret US Justice Department and Pentagon documents online, some concerning the war in Ukraine. Toler found evidence that these documents were initially posted on a Discord server as early as January before spreading to 4chan, Telegram, and Twitter.
Active Exploitation of Android and Novi Survey Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the Known Exploited Vulnerabilities (KEV) catalog to include two vulnerabilities being actively exploited: Android Framework Privilege Escalation Vulnerability (CVE-2023-20963) and Novi Survey Insecure Deserialization Vulnerability (CVE-2023-29492). Under Binding Operational Directive 22-01, Federal Civilian Executive Branch (FCEB) agencies in the U.S. are required to remediate these vulnerabilities by May 4, 2023. The directive binds only federal agencies, but CISA urges all organizations to prioritize patching of KEV entries.
Kodi Data Breach: 400,000 User Records and Private Messages Stolen
In April 2023, open-source media player software provider Kodi announced a data breach resulting in the theft of 400,635 user records and private messages from its MyBB forum database. The project has taken down the forum website and is working on redeploying it with additional security measures. Kodi recommends that users who reused their forum password on other sites change those passwords, since the stolen database gives attackers material for credential-stuffing attempts elsewhere.
Cisco’s Air-Gapped WebEx and Other Security Updates
Cisco plans to offer an air-gapped version of its Webex cloud collaboration system, called Air-Gapped Trusted Cloud, next year. This system aims to cater to organizations in highly controlled sectors such as national security and defense. In other security news, the Netherlands will transition to Resource Public Key Infrastructure (RPKI) standards for government networks by the end of 2024, and the European Data Protection Board has set up a ChatGPT task force to align policies on generative AI across its members. Furthermore, Hikvision confirmed an "access control issue" in its Hybrid SAN and cluster storage portfolio and has issued a patch to address the flaw, while the attackers behind Western Digital's recent "network security incident" claim to have obtained 10 terabytes of data, including customer information, from the company.
That wraps up today's cybersecurity brief. As always, stay safe, stay vigilant, and we'll see you tomorrow with our weekly roundup!