Cybersecurity Weekly: New SolarWinds backdoor found, affects Microsoft and VMWare
A new SUPERNOVA backdoor found in SolarWinds cyberattack analysis. Microsoft says its systems were also breached in the SolarWinds hack. VMware is the latest to confirm breach in SolarWinds hacking campaign. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely the work of a second threat actor. Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and application monitoring platform, and it enables adversaries to run arbitrary code on affected machines.
2. Microsoft says its systems were also breached in massive SolarWinds hack
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft. The unfolding investigation into the hacking spree reveals that the incident may have been far wider in scope, sophistication and impact than previously thought.
3. VMware latest to confirm breach in SolarWinds hacking campaign
VMware is the latest company to confirm that its systems were breached in the recent SolarWinds attacks, but it denied that any further exploitation took place. The company said the hackers made no effort to further exploit their access after deploying the backdoor now tracked as Sunburst or Solarigate.
4. iPhones of 36 journalists hacked using iMessage zero-click exploit
Researchers said personal phones of 36 journalists, producers, anchors and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage. Pegasus is developed by Israeli private intelligence firm NSO Group and allows an attacker to access sensitive data stored on a target device.
5. Software supply-chain attack hits Vietnam government certification authority
Cybersecurity researchers disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority that compromised the agency's digital signature toolkit to install a backdoor on victim systems. The compromise of a certification authority website is a good opportunity for APT groups.
6. Physical addresses of 270K Ledger owners leaked on hacker forum
A threat actor leaked stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. The text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The other file is more sensitive as it contains the names and mailing addresses for 272,853 people who purchased a Ledger device.
7. NATO checking systems to determine impact of SolarWinds hack
NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. At this time, no evidence of compromise has been found on any NATO networks. NATO experts continue to assess the situation, with a view to identifying and mitigating any potential risks to their networks.
8. Flavors designer Symrise halts production after Clop ransomware attack
Flavor and fragrance developer Symrise suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. In order to be able to assess the consequences and to prevent possible further effects, the company shut down all essential systems.
9. FBI warns of DoppelPaymer attacks on critical infrastructure
The FBI is warning businesses of DoppelPaymer ransomware attacks and a change in tactics among operators, who are now cold-calling victims to pressure them into paying the ransom. These attacks have disrupted the provision of healthcare, emergency and education services for people around the world.
10. Massive fraud operation stole millions from online bank accounts
Experts uncovered a massive fraud operation that used a network of mobile device emulators to steal millions of dollars from online bank accounts. The cybercriminals used about 20 mobile device emulators to mimic the phones of over 16,000 customers whose mobile bank accounts had been compromised.