Spanish Police Arrested 55 Members of ‘Black Panthers’ Cybercrime Group
Read also: Chinese hackers stole millions in US COVID benefits, New Zealand affected by a supply-chain attack, and more.
The Spanish police arrested 55 members of ‘Black Panthers’ cybercrime group
The Spanish National Police have dismantled a criminal organization that specialized in bank fraud through SIM swapping attacks, and arrested 55 suspects, including the group’s alleged leader.
Called “Black Panthers,” the gang had four interconnected subgroups that leveraged various techniques such as social engineering, vishing (voice phishing), call forwarding, phishing, and carding to defraud victims.
Using the techniques listed above, the fraudsters obtained duplicate SIM cards for the victims’ phone numbers, which allowed them to intercept the one-time verification codes that banks send to customers via SMS to confirm a money transfer. The police said that the gang managed to steal about €250,000 from at least 100 victims.
Chinese state-sponsored hackers reportedly stole millions in US COVID benefits
A state-backed threat actor linked to the Chinese government has reportedly stolen at least $20 million in US COVID relief benefits since 2020, the US Secret Service revealed. This is the first time that US authorities have publicly acknowledged the theft of taxpayer money in pandemic fraud linked to foreign state-affiliated hackers.
The hacker group behind the thefts is said to be APT41 (aka Winnti), one of the most prolific state-sponsored groups linked to the Chinese government. The threat actor has been active since at least 2010 and is believed to be responsible for multiple malicious campaigns targeting a wide variety of sectors, including the healthcare, pharmaceutical, telecommunications, and video game industries worldwide. In 2019 and 2020 several alleged members of the group were indicted by the US Department of Justice for perpetrating cyber-attacks aimed at organizations across the globe.
Amnesty International Canada hit with a cyber-attack
The Canadian branch of the international human rights non-governmental organization Amnesty International has revealed that a threat actor likely affiliated with the Chinese government has breached its infrastructure.
According to Amnesty International’s press release, the suspicious activity on its network was detected on October 5. The subsequent investigation into the incident showed that the attackers used tools and techniques previously linked to cyber-espionage campaigns conducted by Chinese hackers. The organization did not name the threat actor behind the attack, but said that there is no indication that the attackers stole any donor or membership data.
In related news, the international non-governmental organization Human Rights Watch (HRW) said it uncovered an ongoing social engineering and credential phishing campaign, which is targeting high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues. The organization believes that the campaign is the work of an Iran-linked state-sponsored threat actor known as APT42.
Ransomware attack on IT provider disrupts businesses and government departments in New Zealand
Multiple organizations and several government departments and public authorities in New Zealand have been affected by a ransomware attack on the Wellington-based managed service provider (MSP) Mercury IT, which provides a wide range of IT services to customers across the country.
According to New Zealand’s privacy commissioner, the incident was reported on November 30, 2022. The full scope of the breach and the number of affected organizations have yet to be determined.
North Korean threat actors are still using IE zero-days
The North Korean state-sponsored hacker group tracked as APT37 has exploited a previously unknown (zero-day) vulnerability in Microsoft’s Internet Explorer browser to target South Korean users with malware, according to Google’s Threat Analysis Group (TAG).
The TAG team said they were not able to identify the final payload delivered in this campaign, but APT37 was previously observed deploying a variety of backdoors such as Rokrat, BlueLight, and Dolphin.