Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
September 2, 2021
Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in the closed commercial BT stack used by at least 1,400 embedded chip components, that can lead ...
- Cisco Releases Security Updates for Cisco Enterprise NFVIS
September 2, 2021
Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- QakBot technical analysis
September 2, 2021
QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans around the globe. Its main purpose is ...
- In space, no one can hear cyber security professionals scream
September 2, 2021
“Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats.” That’s not an overblown sci-fi movie strapline, but rather the chilling words of Gina Galasso, managing director of The Aerospace Corporation UK, a member of the international collaborative organisation, Space ISAC (the Space Information ...
- UK VoIP telco receives ‘colossal ransom demand’
September 2, 2021
Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a “colossal ransom demand” after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil. This morning, it ...
- WhatsApp patches vulnerability related to image filter functionality
September 2, 2021
Check Point Research has announced the discovery of a vulnerability in the popular messaging platform WhatsApp that allowed attackers to read sensitive information from WhatsApp’s memory. WhatsApp acknowledged the issue and released a security fix for it in February. The messaging platform — considered the most popular globally with about two billion monthly active users — had ...