Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely that initial access was gained through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTIG