Austrian Cyber Mercenaries Caught Exploiting Windows, Adobe Zero-Days

Thursday, July 28, 2022. Read time: 2 min.

Read also: Digital security giant Entrust hit with ransomware, the US doubles a reward for info on North Korean hackers, and more.


Law firms, banks targeted with Subzero malware exploiting Microsoft, Adobe zero-days

An Austrian hack-for-hire company has been leveraging multiple exploits for zero-day flaws in Windows and Adobe software products, including recently patched CVE-2022-22047 in “limited attacks against European and Central American customers,” according to a new report from Microsoft.

The company, which Microsoft tracks as “Knotweed,” is described as an Austria-based private-sector offensive actor called DSIRF that allegedly provides security and information analysis services. DSIRF is said to have been linked to the development of a malware suite called ‘Subzero’ that has been deployed over the past two years via a variety of methods, including zero-day exploits in the Windows operating system and Adobe Reader software.

The observed victims to date include law firms, banks, and consultant companies in Austria, the UK, and Panama.

Digital security giant Entrust hit with ransomware

US-based provider of security services Entrust Group has fallen victim to a ransomware attack, in which the intruders compromised the company’s internal networks and stole corporate data.

While the incident took place on June 18, it came to light only recently, after a cybersecurity researcher posted a screenshot of a security notice that Entrust sent to its customers on July 6.

Entrust confirmed in the letter that the attackers stole data from its internal systems, but did not elaborate on what information the hackers gained access to. At present, it’s not clear what ransomware operation was responsible for the hack.

US authorities increase a reward for info on North Korean hackers to $10M

The US Department of State has doubled its reward for information on individuals associated with North Korean state-sponsored hacker groups. Anyone who can provide information on North Korea-linked threat actors can now receive a reward of up to $10 million.

More specifically, the department is interested in information on hackers linked to the Lazarus Group, Kimsuky, Bluenoroff, Andariel, APT38 and Guardians of Peace malicious cyber groups, and on those involved in attacks targeting US critical infrastructure.

Hackers are increasingly quick to exploit new zero-day flaws

Threat actors are getting faster at weaponizing newly discovered vulnerabilities, with scanning for vulnerable endpoints starting within 15 minutes of a new CVE being publicly disclosed, security researchers say.

According to a new report, the top three initial access vectors leveraged by cyber criminals are phishing (37%), exploitation of known software flaws (31%), and brute-force credential attacks (9%).

As for the vulnerabilities most exploited for network access in H1 2022, the ProxyShell bugs accounted for 55% of all exploited issues, followed by Log4j (14%), SonicWall CVEs (7%), ProxyLogon (5%), Zoho ManageEngine ADSelfService Plus (4%), and Fortinet CVEs (3%).

Robin Banks: a new PhaaS platform that sells phishing kits to cyber criminals

An active cyber crime syndicate has launched a phishing-as-a-service (PhaaS) platform called Robin Banks that offers ready-made phishing kits to cyber actors who seek to obtain financial details of people residing in the US, the UK, Canada, and Australia.

First observed in March 2022, Robin Banks sells phishing kits targeting financial institutions such as Bank of America, Capital One, Citibank and Wells Fargo. The platform also offers templates for harvesting Google, Microsoft, and T-Mobile account credentials.

On average, a single phishing kit deployed via the Robin Banks PhaaS service costs between $150 and $300 per month.

In mid-June, researchers detected a large-scale campaign aimed at Citibank users that used the Robin Banks phishing kit to target victims via SMS and email.

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.