MOVEit zero-day exploit and the U.S. iPhone hack accusation
MOVEit discloses zero-day exploit causing mass data theft, Russia accuses U.S. intelligence of hacking thousands of iPhones and the Magecart-cart style web skimmer. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Hackers mass exploited MOVEit Transfer zero-day to steal data
Hackers are actively exploiting a critical zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer file transfer software developed by Ipswitch. The flaw allows remote code execution and data theft, affecting thousands of exposed servers, primarily in the U.S. Although the motive of the threat actors is unclear, organizations should prepare for possible extortion and publication of stolen data. The MOVEit Cloud platform was also impacted by the vulnerability, with users being urged to investigate for potential data theft.
2. Russia says U.S. hacked thousands of iPhones to spy on diplomats
Russia has accused the U.S. of hacking thousands of iPhones belonging to Russian and foreign diplomats. The Federal Security Service (FSB) alleged that Apple worked closely with U.S. spy agencies but provided no evidence. Separately, Kaspersky Lab reported a targeted cyberattack on its senior employees using an invisible iMessage with a malicious attachment. A company spokesman stated that Russian authorities believe the attacks are linked but didn’t directly attribute them to the United States.
3. New Magecart-style campaign targeting legitimate e-commerce sites
Cybersecurity researchers have discovered an ongoing Magecart-style web skimmer campaign that poses a significant threat to e-commerce websites. The campaign involves hijacking vulnerable sites and using them as command-and-control servers. Notably, the attackers employ evasion techniques, disguising the skimmer code as popular third-party services such as Google Analytics. The compromised websites unwittingly distribute the malware to other vulnerable sites, amplifying the attack's impact. This sophisticated campaign targets websites globally, jeopardizing the personal data and credit card information of thousands of visitors.
4. North Korean hackers impersonating journalists to collect intel
The North Korean hacker group Kimsuky, also known as APT43, has been conducting spear-phishing campaigns to gather intelligence. Kimsuky impersonates journalists and academics, using convincing tactics to deceive targets. Multiple government agencies in the U.S. and South Korea have issued a joint advisory highlighting the group's activities. The advisory emphasizes the need for strong passwords and multi-factor authentication as essential measures to mitigate this threat. It also cautions against enabling macros or opening attachments from unknown sources.
5. Hackers using stealthy SeroXen RAT to target gamers
Cybercriminals are increasingly targeting gamers using a fileless RAT (remote access trojan) called SeroXen, which is distributed through social media and hacker forums. This malware combines various open-source projects, making it highly effective at evading detection. SeroXen is delivered through Discord channels or phishing emails using a hidden batch file that installs the final payload as rootkit arrays. The malware is primarily aimed at the gaming community, available for as little as $15-$30 per month. Its low cost and undetectable nature pose significant threats, prompting cybersecurity researchers to raise awareness and highlight its capabilities.
See Infosec IQ in action