21st August – Threat Intelligence Report


For the latest discoveries in cyber research for the week of 21st August, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • The German Federal Bar Association (BRAK), which oversees 28 regional bars throughout Germany and represents approximately 166,000 lawyers on a national and international scale, is currently investigating a ransomware attack on its Brussels office. The NoEscape ransomware group claimed responsibility for this attack.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.NoEscape)

  • Discord.io has confirmed that the company is handling a data breach exposing the information of 760,000 members, which led to the temporary suspension of services. This comes after a cybercriminal going by the moniker Akihirah posted the database of Discord on an underground forum.
  • Colorado’s Department of Health Care Policy and Financing (HCPF) has released a notice that personal health data of about 4 million members of state health programs was obtained from IBM-managed systems in the Cl0p ransomware group’s third-party MOVEit attack during May 2023.

Check Point IPS blade, Harmony Endpoint and Threat Emulation provide protection against this threat (Progress MOVEit Transfer Multiple Vulnerabilities; Webshell.Win.Moveit, Ransomware.Win.Clop, Ransomware_Linux_Clop; Exploit.Wins.MOVEit)

  • Suspected North Korean hackers, thought to have ties to the North Korean Kimsuky group, have targeted a joint U.S.-South Korea military exercise. Reportedly, no classified information was stolen.

Check Point Threat Emulation and Anti-Bot Blade provide protection against this threat (TrojanDownloader.Win.Kimsuky.A; Backdoor.WIN32.Kimsuky.A)

  • Following a confidential data breach at Tesla, caused by two employees during May 2023 and affecting over 75K people, the company began notifying current and former employees that their information (Social Security numbers, names and addresses) has been exposed in the breach.
  • Researchers have identified a widespread hacking campaign targeting LinkedIn accounts worldwide. They have noticed that the attackers are using leaked credentials from third-party websites, or brute-forcing…
