Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The ‘AT&T breach’ – what you need to know
March 20, 2024
Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for ...
- UK: Criminal investigation into council cyber attack
March 20, 2024
Ccriminal investigation has started into a cyber attack that has disrupted Leicester City Council’s systems for more than a week. The council said it could not comment on the nature of the incident while the investigation was ongoing. It told the Local Democracy Reporting Service it still could not say if there had been a data ...
- A new data wiper is targeting Linux x86 network devices
March 20, 2024
Hackers were observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances with a new data wiper, called AcidPour. Data wipers are arguably among the most destructive forms of malware. Their goal is to simply destroy, or wipe, all of the data found on the compromised endpoint. They are used to disrupt companies and government ...
- From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally
March 20, 2024
Today, Visa released the Spring 2024 Edition of its Biannual Threats Report, which outlines the top payment threats impacting consumers and businesses around the world. The report points to increasingly organized, sophisticated threat actors targeting the most vulnerable point in the payments’ ecosystem: humans. Read more… Source: Yahoo News
- Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures
March 19, 2024
The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way, Fluffy Wolf establishes remote access, steals credentials, or exploits the compromised infrastructure for mining The BI.ZONE Threat Intelligence team has detected a previously unknown cluster, dubbed Fluffy Wolf, whose activity can be traced back to ...
- ‘Glitch’ at Ethiopia’s biggest bank sees customers withdraw millions that isn’t theirs
March 19, 2024
Ethiopia’s largest bank is struggling to recoup millions of dollars after a glitch over the weekend allowed customers to withdraw unlimited funds, according to local media reports. More than $40 million was reportedly withdrawn from the state-owned Commercial Bank of Ethiopia or transferred to other banks, as customers discovered they could withdraw more than their total ...

