Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DDoS attacks in Q4 2020
February 16, 2021
Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as ...
- Security bugs left unpatched in Android app with one billion downloads
February 16, 2021
An Android application downloaded more than one billion times contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users to share files with friends or between personal devices. The bugs can be exploited to run malicious code ...
- DDoS attacks on Russian online retailers double in 2020
February 16, 2021
The number of DDoS attacks on Russian online retailers nearly doubled in 2020 compared to the previous year, the Rostelecom-Solar cyber security company said in a statement. “Online retail business has been in the focus of cyber criminals for several years. However, as customer demand for online retail services grew amid coronavirus restrictions, they became even ...
- Cybersecurity Risks of Connected Cars
February 16, 2021
As the use of connected cars becomes more common, the technologies that power or support these vehicles continue to evolve. This provides a host of benefits, but just like any other technology, this new territory comes with some risks. In our paper, we add some substantial information to our research from last year, in order ...
- Cybersecurity Challenges for the European Railways
February 15, 2021
The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance the sector’s security posture. The report is based ...
- France links Russian Sandworm hackers to hosting provider attacks
February 15, 2021
The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not been able to determine how the servers were compromised. Therefore, it ...