News – November 2021


  • APT annual review 2021

    November 30, 2021

    The Global Research and Analysis Team at Kaspersky posted a summary of the most interesting trends and developments of the last 12 months. This is based on Kaspersky’s visibility into the threat landscape, and it’s important to note that no single vendor has complete visibility into the activities of all threat actors. Private sector vendors play a ...

  • Queensland government energy generator hit by ransomware

    November 30, 2021

    Queensland government-owned energy generator CS Energy said on Tuesday it was responding to a ransomware incident that occurred over the weekend. First reported by Energy Source & Distribution, the company said the incident has not impacted electricity generation at Callide and Kogan Creek power stations, and it was looking to restore its network. ANZ regional director at ...

  • Yanluowang: Further Insights on New Ransomware Threat

    November 30, 2021

    Yanluowang, the ransomware recently discovered by Symantec, a division of Broadcom Software, is now being used by a threat actor that has been mounting targeted attacks against U.S. corporations since at least August 2021. The attacker uses a number of tools, tactics, and procedures (TTPs) that were previously linked to Thieflock ransomware attacks, suggesting that ...

  • Panasonic admits intruders were inside its servers for months

    November 30, 2021

    Japanese industrial giant Panasonic has admitted it’s been popped, and badly. A November 26 statement from the company admits that its network “was illegally accessed by a third party on November 11, 2021”. That date has since been revised – the company now says it became aware of the intrusion on the 11th, but that ...

  • UK spy chief warns China, Russia racing to master AI

    November 30, 2021

    The chief of the United Kingdom’s foreign spy service is to warn that China and Russia are racing to master artificial intelligence in a way that could revolutionise geopolitics over the next 10 years. Richard Moore, who heads the Secret Intelligence Service, known as MI6, is due to make his first public speech since becoming chief ...

  • Unpatched HiveNightmare/SeriousSAM Windows Zero-Day Allows Privileged File Access

    November 29, 2021

    An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security researcher Abdelhamid Naceri originally reported the vulnerability as an information-disclosure issue ...

  • UK: Facial recognition firm faces possible £17m privacy fine

    November 29, 2021

    An Australian firm which claims to have a database of more than 10 billion facial images is facing a potential £17m fine over its handling of personal data in the UK. The Information Commissioner’s Office said it had significant concerns about Clearview AI, whose facial recognition software is used by police forces. It has told the firm ...

  • Dark web market Cannazon shuts down after massive DDoS attack

    November 29, 2021

    Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. As the admins explained in a message signed with the market’s PGP key, they are officially retiring and claim not to be pulling an exit scam on their vendors. The admins posted ...

  • ScarCruft surveilling North Korean defectors and human rights activists

    November 29, 2021

    The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, among others. Recently, we were approached by a news organization with a request ...

  • FBI Document Says the Feds Can Get Your WhatsApp Data – in Real Time

    November 29, 2021

    As Apple and WhatsApp have built themselves into multibillion-dollar behemoths, they’ve done it while preaching the importance of privacy, especially when it comes to secure messaging. But in a previously unreported FBI document obtained by Rolling Stone, the bureau claims that it’s particularly easy to harvest data from Facebook’s WhatsApp and Apple’s iMessage services, as long ...

  • WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

    November 29, 2021

    This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and execute arbitrary code sent by the attackers on the ...

  • Wind turbine maker Vestas confirms recent security incident was ransomware

    November 29, 2021

    Wind turbine maker Vestas says “almost all” of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware. Alarm bells rang the weekend before last when the Danish organisation said it had identified a “cyber security incident” and closed off parts ...

  • Britain and Israel to sign trade and defence deal

    November 28, 2021

    Britain and Israel will sign a 10-year trade and defence pact in London on Monday, promising cooperation on issues such as cybersecurity and a joint commitment to prevent Iran from obtaining nuclear weapons. The agreement was announced by Liz Truss, the foreign secretary, and her Israeli counterpart Yair Lapid, despite evidence that spyware made by Israeli ...

  • Railway Cybersecurity – Good Practices in Cyber Risk Management

    November 27, 2021

    This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust cyber risk management methods to the needs of their organisation. It builds upon the 2020 ENISA ...

  • 2 US defense officials say Israel hacked Iran’s gas system in late October

    November 27, 2021

    Israel carried out a cyber attack against Iran’s nationwide fuel system last month, two United States defense officials told the New York Times in a report published Saturday. Days later, Iran-affiliated hackers breached an Israeli LGBTQ dating site and released details of its users in a cyber attack that roiled Israel. The exchange points to a new ...