Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Pepsi Bottling Ventures says info-stealing malware swiped sensitive data
February 14, 2023
Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures – America’s largest manufacturer and distributor of Pepsi-Cola beverages – didn’t discover the unauthorized activity until ...
- New stealthy ‘Beep’ malware focuses heavily on evading detection
February 14, 2023
A new stealthy malware named ‘Beep’ was discovered last week, featuring many features to evade analysis and detection by security software. The malware was discovered by analysts at Minerva after a flurry of samples were uploaded to VirusTotal, an online platform for file scanning and malicious content detection. Read more… Source: Bleeping Computer
- Romance scam targets security researcher, hilarity ensues
February 14, 2023
It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day. In it, a pig butchering romance scammer targets her next victim: Sophos’s lead threat researcher. The security biz would probably want us to make very clear that no ...
- New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
February 14, 2023
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389, using one ...
- Several NATO websites suffer a cyber attack
February 13, 2023
Several NATO websites have suffered a computer attack on Sunday night, leaving the NATO Special Operations Headquarters website, among others, temporarily inoperative. “NATO cyber experts are actively dealing with an incident affecting some NATO websites. NATO deals with cyber incidents on a regular basis, and takes cyber security very seriously,” an Atlantic Alliance official told DPA ...
- Cloudflare blocks record-breaking 71 million RPS DDoS attack
February 13, 2023
This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The attacks were launched using over 30,000 IP addresses from multiple cloud providers against various targets, including gaming providers, cloud computing platforms, cryptocurrency firms, and hosting providers. Read more… Source: Bleeping Computer