fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft: SolarWinds Hackers Target Govt Agencies From 24 Countries

Microsoft: SolarWinds Hackers Target Govt Agencies From 24 Countries

The Microsoft Threat Intelligence Center (MSTIC) has discovered that the SolarWinds hackers are behind an ongoing spear-phishing campaign targeting government agencies worldwide.

“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” MSTIC revealed.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations.

“While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries.”

Phishing emails sent using hacked USAID email marketing account

The threat actors behind these attacks, a hacking group tracked as Nobelium by Microsoft and likely backed by the Russian government, sent the phishing emails using USAID’s compromised Constant Contact account (a legitimate email marketing service).

The campaign started in January 2021, and it slowly turned into a series of attacks culminating with this week’s USAID-themed phishing wave.

Cybersecurity company Volexity also published a report linking this phishing campaign with Russian Foreign Intelligence Service (SVR) operators (tracked as APT29, Cozy Bear, and The Dukes) based on tactics previously used in attacks going back to 2018.

Also Read: The 5 Phases of Penetration Testing You Should Know

Nobelium spear phishing email
Nobelium spear-phishing email (Volexity)

Nobelium’s infection chain and malware delivery techniques evolved throughout the attacks, with the spear-phishing messages containing HTML attachments dropping an ISO file onto the victims’ hard drives.

After the victims mounted the ISO they were encouraged to open the files contained within (LNK shortcut or RTF documents), which would execute a DLL bundled withing document or stored within ISO image, loading Cobalt Strike Beacon on the system.

“If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for CVE-2021-1879 was served,” Microsoft said.

“The successful deployment of these payloads enables NOBELIUM to achieve persistent access to compromised systems,” Microsoft added.

“Then, the successful execution of these malicious payloads could enable NOBELIUM to conduct action-on objectives, such as lateral movement, data exfiltration, and delivery of additional malware.”

More details, including the attackers’ motivation, the malicious behavior observed by Microsoft during the attacks, and best practices to defend against this ongoing campaign, can be found in MSTIC’s report.

HTML-ISO infection chain
HTML-ISO infection chain (Microsoft)

The SolarWinds hackers

In December, the SolarWinds network management company was breached in a cyberattack that allowed the attackers to launch a supply chain attack targeting the company’s customers.

SolarWinds advertised a select customer base including at least 425 organizations in the US Fortune 500 rankings, top ten US telecommunications companies, all US Military branches, the Pentagon, NASA, the NSA, the Postal Service, the Department of Justice, and the Office of the President of the United States.

SolarWinds revealed in March expenses of roughly $3.5 million through December 2020 from last year’s supply-chain attack and is expecting high additional costs throughout the next financial periods.

The hacking group behind the SolarWinds supply-chain attack is tracked as Nobelium (Microsoft), NC2452 (FireEye), StellarParticle (CrowdStrike), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity).

Even though the group’s identity remains unknown, a joint statement issued by the FBI, CISA, ODNI, and the NSA in early January said that it is likely a Russian-backed hacking group.

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Microsoft also said in February that the SolarWinds hackers had downloaded source code for a limited number of Azure, Intune, and Exchange components.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us