Canada's Global Affairs Department Targeted in a Cyberattack

Here's a short overview of the most interesting cybernews that made headlines this week.

Thursday, January 27, 2022

Canada's Global Affairs Department targeted in a cyberattack

Global Affairs Canada, the department of the Government of Canada responsible for the country's diplomatic and consular relations, was hit by a cyberattack.

Due to a network disruption caused by the incident, access to some internet-based services was restricted as part of mitigation measures.

According to TBS Canada, the attack, which took place on January 19, did not affect any other departments. Officials did not share details on the nature of the incident, or who was behind it.

A web skimmer found on Segway’s online store

Cyber-criminals have planted a credit-card stealing web skimmer on the e-store of Segway, an American maker of two-wheeled personal transporters.

Spotted by security researchers at Malwarebytes, the attack involved a seemingly harmless piece of JavaScript code that pretended to display the site’s “Copyright” but was in fact responsible for loading the skimmer embedded inside a favicon.ico file.

The researchers said that the malicious script has been present on Segway’s website since at least January 6, 2021, and that they informed the company of the issue. As for the culprits behind the attack, Malwarebytes linked the incident to Magecart Group 12, one of the several hacker groups that specialize in cyberattacks aimed at stealing customer details and credit card data from online shopping websites.

Belarus hacktivists target national railway in a bid to disrupt Russian troop movements

A Belarusian hacktivist collective known as “Belarusian Cyber Partisans” announced that it has encrypted some servers, databases, and workstations of Belarusian Railways, a state-owned railway company, in a ransomware attack that is part of a larger cyber campaign called “Peklo” (“ScorchingHeat”) targeting Belarusian government and police authorities.

The group stressed that it did not target the railway’s security and automation systems, so as to avoid emergency situations.

As proof of their claims, the hacktivists provided some screenshots from the hacked systems, including an image of the Windows domain controller, the backup server containing terabytes of data, and documents indicating that BR’s employees frequently used pirated software.

In a message on Twitter, Cyber Partisans said that they have the encryption keys and are willing to restore the systems to normal operations if the following two conditions are met: the authorities must release the 50 political prisoners who are most in need of medical assistance, and remove Russian troops from Belarus.

Apple rolls out iOS and macOS updates to address an actively exploited zero-day flaw

Apple has released a bunch of security updates to patch several dangerous vulnerabilities, including a zero-day flaw, which the iPhone maker says “may have been actively exploited.”

Tracked as CVE-2022-22587, the zero-day flaw is described as a memory corruption issue in the IOMobileFrameBuffer component, which could allow a malicious application to execute arbitrary code with kernel privileges. Apple did not provide any additional information on the nature of the attacks exploiting CVE-2022-22587, or how widespread they are.

In addition to CVE-2022-22587, the tech giant addressed several critical flaws in the ColorSync, Kernel, Model I/O, and WebKit components that could lead to arbitrary code execution.

China-linked APT27 targets German companies in pharmaceuticals and technology sectors

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of ongoing cyberattacks on local pharmaceuticals and technology firms orchestrated by APT27 (aka Emissary Panda), a state-sponsored cyberespionage group believed to be working on behalf of the Chinese government.

The threat actors have been targeting German companies since March 2021 using vulnerabilities in Microsoft Exchange and the Zoho ADSelfService Plus software, and a version of the HyperBro malware to backdoor victims’ networks.

BfV believes that the attackers’ goal is to steal business secrets and intellectual property. The threat actor may also attempt to use compromised corporate networks to target their victims’ customers via supply-chain attacks, the agency warned.

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.