Cyber News Rundown: Continued attacks on Indian military

  • 9 July 2021
  • 3 replies
  • 317 views
Cyber News Rundown: Continued attacks on Indian military
Userlevel 7
Badge +6

SideCopy’s latest volley in their year-long attack on the Indian military has introduced a new trojan into the mix. The advanced persistent threat (APT) group’s remote access trojan is highly customized and could also be a preview of another attack as it’s thought it can be used to install additional malicious plugins. In other cybersecurity news, researchers have found 176 fake cryptomining Android apps that have been downloaded over 93,000 times – netting the malicious developers over $350,000.

Cyberattack forces Swedish supermarket to close 500 stores

A Swedish supermarket named Coop is one of thousands of victims following the ransomware attack on Kaseya. With their point-of-sale systems rendered inoperable, they were forced to close over 500 locations.. As the supermarket chain wasn’t the initial target, it is out of their control as to when and how the issue will be resolved. For now, Coop can just hope for some resolution that could allow them to re-open locations.

UK Salvation Army targeted in ransomware attack

Officials for the UK branch of the Salvation Army have revealed a ransomware attack that targeted the charitable organization’s data center last month. While it is still unknown what information was stolen, the organization is recommending that employees and volunteers be vigilant for any unusual financial transactions or suspicious emails. Unfortunately, this attack has proven that no business or organization, even charitable ones, are excluded from targeted ransomware attacks.

Indian military under siege from SideCopy group

Over the past year, the Indian military has been steadily under attack by the SideCopy advanced persistent threat (APT) group,who have now introduced a new trojan into the mix. The latest threats are highly customized remote access trojans that perform tasks like keylogging and sophisticated multi-factor authentication credential files., but can be used to install additional malicious plugins that can perform many other functions.

Formula 1 app hacked

The official Formula 1 app was compromised by malicious actors over the weekend and was used to send out two unauthorized push notifications to all users. Officials for Formula 1 have confirmed that no information was compromised during the breach, and just the push notification system was affected. Even though it may seem innocuous to infiltrate a push notification system, attacks like this one can be used for more convincing phishing attacks or scare tactics to prompt  recipients into entering sensitive information.

Fake cryptomining app scams thousands

Researchers have tracked 176 fake cryptomining apps that have been purchased and downloaded over 93,000 times. Though very few of the apps were actually available on the Google Play app store, they were all easily installed on an Android device from third-party stores. The apps themselves went mostly undetected as they didn’t perform any malicious activities, or do much of anything at all. It is believed that the combined apps have netted the developers over $350,000, and with some still available on app stores, this number is likely to continue rising.


3 replies

Userlevel 7
Badge +25

I’m not sure if reading this makes me feel more or less safe these days.  Maybe a follow up story on how Webroot is protecting against some of these attacks?

Userlevel 7
Badge +24

I’m not sure if reading this makes me feel more or less safe these days.  Maybe a follow up story on how Webroot is protecting against some of these attacks?

 

Hey MajorHavoc,

Its a crazy world now where it absolutely feels like the news stories of cyberattacks are non-stop. Any stories we share that have actual malicious payloads or IPs, Webroot will protect against, but not everyone is running Webroot. Even if running a reputable security vendor, many of these hacks are the result of poor practice in environment setup. 

Here’s a rundown of how we protect against the Kaseya attack which is definitely the most popular attack talked about this week. 

 

 

Userlevel 5
Badge +24

I’m curious...Would the targeting of the Indian military indicate this is a possible state-sponsored (e.g., Pakistan) incident? Or is the threat actor just going after what they perceive to be a large high-value target?

Reply