ShadowTalk Update – 12.03.2018


Michael Marriott, Dr Richard Gold and Simon Hall discuss our recent findings on threat actors using cracked versions of Cobalt Strike to conduct their attacks in this week’s ShadowTalk. Cobalt Strike is a powerful platform for performing offensive cyber operations, containing a wide variety of tools for conducting spear phishing and web drive-by attacks to gain initial access. While it is used widely by security teams, including in Digital Shadows’ own internal Purple Team assessments, we have also seen it used for illegitimate purposes by threat actors. Listen to this week’s episode to find out how defenders can use this knowledge to inform their defenses.


Open-source tools exploited in supply chain attacks

The United States-based cryptocurrency wallet “Copay” was recently subject to a highly targeted supply chain attack. An attacker initially used social engineering techniques to gain developer access to “event-stream,” an open-source code library that is widely used by organizations across the globe. The attacker then injected malicious code into the library that targeted the specific subset of developers building Copay, so that once the tainted build was pushed to consumers it would intercept and steal data from Copay users. Although the specific amount of data stolen remains unreported, this attack exemplifies a possible trend of attackers targeting not only third-party suppliers but also the open-source code repositories on which many organizations rely.


New corporate cyber espionage campaigns attributed to APT10

The Chinese-state-associated threat group APT10 has reportedly intensified its targeting of Australian businesses for the purpose of corporate espionage. This activity likely indicates a broader trend of increased Chinese cyber espionage efforts worldwide; the United States recently accused China of conducting espionage operations. Such activity is likely to provoke a reaction from Western governments, which could include public attribution claims and indictments against Chinese nationals allegedly involved.


Mirai shifts focus from IoT devices to Linux servers

The Mirai botnet has targeted non–Internet-of-Things (IoT) devices, with attackers compromising Linux servers by abusing a recently disclosed Hadoop YARN vulnerability. This represents a shift in Mirai’s capabilities and an increase in its threat level. Such Linux servers can be valuable targets for attackers, particularly when used in datacenters with access to large amounts of data and bandwidth. The distribution and infection techniques are consistent with previous Mirai campaigns. Other botnet malware has similarly shifted focus away from IoT devices; this trend is likely to continue.


New variant of Pterodo backdoor indicates renewed Russian cyber campaign

The Ukrainian Computer Emergency Response Team (CERT) has released information on a new version of Pterodo, a custom backdoor malware developed by the Russian state and associated with the Gamaredon threat group. The backdoor has been updated to target systems localized to former Soviet Union countries and to generate unique command-and-control URLs for each infected device, allowing threat actors to determine which tools to use on a case-by-case basis. Given current heightened tensions between Russia and Ukraine following the Russian seizure of Ukrainian warships, it is realistically possible that the new variant of Pterodo could indicate an impending Russian cyber campaign.


To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.
