Threat Briefing: January 26, 2024

This edition highlights several stories illustrating how governments can work together to mitigate cyber threats, either through information sharing, utilizing the justice system to hold individuals accountable for cyber attacks, or disrupting their abilities to engage in financial activity through sanctions. Additionally, cryptocurrency exchanges and wallets have continued to increase as major targets by cyber actors since 2021, disrupting the capabilities of cryptocurrency exchanges and draining the wallets of individuals owning cryptocurrency.

Malware Targeting MacOS Steals System Information and Cryptocurrency Wallet Data – The malware, known as Activator, targets running macOS Ventura (13.6 and later), instructs users to enter a system administrator password, and launches a modified executable. The malware will steal a cryptocurrency wallet, unlock the password, and the seed phrase from devices running Exodus or Bitcoin Core wallets. The Hacker News

Iranian Cyber Actors, Mint Sandstorm, Linked to Compromise of Universities and Journalists to Gain Information Israel-Hamas War – Mint Sandstorm has targeted university professors and researchers covering security and policy issues. The group utilized phishing emails to deliver malware and used lures related to the Israel-Hamas war to target its victims. Dark Reading

Kasseika Ransomware Group Leverages Bring Your Own Vulnerable Driver Attacks to Disable Security-Related Processes – The tactic used allowed them to stop antivirus processes and deploy ransomware, a variant which has similarities to the BlackMatter ransomware variant which was shut down in November 2021. Kasseika is distributed via phishing emails and deploys a remote administration tool to gain further access. Upon deployment of the ransomware, the group demanded 50 bitcoins as payment. The Hacker News

$1.7 Billion Stolen from Cryptocurrency Platforms in 2023 by Cybercriminals – Although this is approximately a $2 billion decrease from 2022, the number of incidents of stealing cryptocurrency increased in 2023. During 2023, cybercriminals also engaged in fewer attacks against decentralized finance platforms compared to 2022. Approximately $1 billion in stolen cryptocurrency was linked to cyber attacks by North Korea. The Record

U.S. Citizen Identified as Operator of BreachForums Sentenced to 20 Years of Supervised Release – Conor Brian Fitzpatrick will not serve any jail time for his role in operating BreachForums, a marketplace that sold PII, hacking tools, login credentials and banking information that was utilized by over 300,000 users. The domain for BreachForums was seized in March 2023 before being relaunched by another cybercriminal group. The Hacker News

Trickbot Malware Developer Sentenced to Five Years in Jail – Russian national Vladimir Dunaev provided technical services to support Trickbot, which served as an initial access vector for victim systems. Dunaev was previously arrested and extradited to the U.S. in 2021 and pleaded guilty in 2023 for various crimes, including conspiracy to commit computer fraud. U.S. Department of Justice

Australia, United Kingdom, and United States Sanction Russian Cyber Actors’ Associated Ransomware Attack Against Australian Healthcare Provider Medibank in 2022 – Alexander Emakov of Russia was linked to the attack and theft of data of 9.7 million clients of Medibank. Emakov has been linked to cybercriminal group REvil, however, REvil stopped operating in July 2021. U.S. Department of Treasury

United Kingdom’s National Cyber Security Center (NCSC) Warns that Artificial Intelligence (AI) Supported Cyber Attacks Likely to Increase – The assessment by the NCSC highlights a likely increase in both the volume and impact of cyber attacks, and enhance security evasion and social engineering capabilities. However, the NCSC highlights that cyber actors will need access to training data and experience with AI to develop more sophisticated attacks. Bank Info Security

Israel and Czech Republic Sign Agreement to Strengthen Information Sharing Between Countries – The move builds on other partnerships Israel has developed with the UK and United Arab Emirates. The rise in cyber attacks targeting Israel amid the conflict with Hamas has prompted intensified efforts to strengthen its cybersecurity defenses. Dark Reading