Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates. Evidence for the initial infection vector was limited, as the actor’s malware is designed to selectively remove log entries, hindering forensic investigation; however, it is likely this was through the exploitation of known vulnerabilities.
Read more…
Source: Mandiant/GTG
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malwarebytes says SolarWinds hackers accessed its internal emails
January 19, 2021
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” Malwarebytes CEO and co-founder Marcin Kleczynski said. “We can confirm the existence of another intrusion ...
- DNSpooq bugs let attackers hijack DNS on millions of devices
January 19, 2021
Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices. Dnsmasq is a popular and open-source Domain Name System (DNS) forwarding software regularly used that adds DNS caching and Dynamic Host Configuration ...
- U.S. National Cybersecurity Plan Promises to Safeguard Maritime Sector
January 18, 2021
The U.S Government released on January 5, 2021, a cybersecurity plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security. The Maritime Cyber Environment With International Maritime Organization’s (IMO) mandate “to ensure that cyber risks are appropriately addressed in existing safety management systems” and the increasing number of cyber-attacks against maritime and ...
- FBI warns of vishing attacks stealing corporate accounts
January 18, 2021
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. Vishing (also known as voice phishing) is a social engineering attack where attackers impersonate a trusted entity during a voice call to persuade ...
- Medical Device Security: Diagnosis Critical
January 18, 2021
A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality. Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more than a half-dozen warnings tied to connected drug pumps alone. Vulnerabilities ...
- UK MoD under fire over multiple data breaches
January 18, 2021
The UK Ministry of Defense (MoD) suffered more data breaches in 2020 than in the year prior, seven of which were reported to the Information Commissioner’s Office (ICO) for further investigation. This is according to a new report from the Parliament Street Think Tank, and based on data provided by the MoD itself. Overall, there was an ...