Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- China issues report on U.S. CIA’s cyberattacks on other countries
May 4, 2023
China on Thursday released an investigation report revealing an “empire of hackers” of the Central Intelligence Agency (CIA) of the United States, one of the major intelligence agencies of the country’s federal government. Over a long period, the CIA has been secretly orchestrating “peaceful evolution” and “color revolutions” around the world, continuously conducting espionage activities, said ...
- Apple and Google team up to tackle AirTag stalking
May 3, 2023
Apple and Google have teamed up to thwart people who try to track others using devices designed to help find lost keys and luggage. The rival tech giants do not often collaborate on new features for their smartphones, with a joint initiative to create contact tracing software during the pandemic one of few past examples. Read more… Source: ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
May 1, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans Related story: CISA Releases ...
- Cyber Attacks Hit in Massachusetts and South Carolina
May 1, 2023
Lowell, which is Massachusetts’ fourth largest city, discovered a cyber intrusion early last week, and its response saw many city systems taken offline. Meanwhile, Spartanburg County, S.C., was struck by ransomware, too. Spartanburg County, S.C., — a community of roughly 327,000 residents — suffered a ransomware attack last week, according to The Record. Essential services like ...
- T-Mobile discloses second data breach since the start of 2023
May 1, 2023
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount ...
- New LOBSHOT malware gives hackers hidden VNC access to Windows devices
May 1, 2023
A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results. Read more… Source: Bleeping Computer