Russian Cyber Threat Escalates: Critical Infrastructure Under Attack

Cybersecurity News

Welcome, reader, to your CybersecurityHQ report.

Headlines

Russian threat actors are suspected of orchestrating the "largest cyber attack against Danish critical infrastructure," targeting 22 companies associated with the country's energy sector in May 2023, according to Denmark's SektorCERT. The agency found evidence linking the attacks to Russia's GRU military intelligence agency, specifically the unit tracked as Sandworm, which is renowned for disruptive cyber assaults on industrial control systems. The coordinated attacks exploited a critical command injection flaw (CVE-2023-28771) in Zyxel firewalls and were executed with precision, with the attackers performing reconnaissance on each compromised device to determine their next steps. A second wave of attacks, possibly involving different threat actors, targeted more organizations from May 22 to 25, using two additional Zyxel vulnerabilities as zero-days (CVE-2023-33009 and CVE-2023-33010) to enlist the devices in Mirai and MooBot botnets.

The compromised devices were weaponized for distributed denial-of-service (DDoS) attacks against U.S. and Hong Kong companies. The energy sector faces increasing threats not only from nation-state actors but also ransomware groups, prompting affected entities to disconnect from the internet and adopt defensive measures.

Cybersecurity researchers at SafeBreach have uncovered a cloud-based cryptocurrency mining technique that operates undetected on Microsoft Azure Automation. The method provides unlimited access to computational resources, demands minimal maintenance, and incurs zero cost to the attacker. The study identified three execution methods, one of which enables inconspicuous operation within a victim's environment. Azure Automation, Microsoft's cloud-based automation service, played a key role: the first method exploited a bug in the Azure pricing calculator to execute an unlimited number of jobs at no cost. Microsoft has since addressed this issue.

The other two methods involve manipulating job statuses to hide code execution and abusing Azure Automation's Python package upload feature. SafeBreach's proof-of-concept, named CloudMiner, demonstrates the ability to harness free computing power within Azure Automation. While the focus is on cryptocurrency mining abuse, the researchers caution that these techniques could be repurposed for any task requiring code execution on Azure, emphasizing the need for proactive monitoring and education within organizations to detect and prevent such otherwise invisible resource creation.

In a recent discovery, cybersecurity experts have unveiled DarkCasino, an emerging advanced persistent threat (APT) exploiting a WinRAR security flaw that was disclosed as a zero-day vulnerability. NSFOCUS, the cybersecurity company leading the analysis, describes DarkCasino as an "economically motivated" APT with a high level of technical expertise that integrates a variety of APT attack techniques. Previously known for targeting European and Asian online gambling platforms, DarkCasino has evolved and is now linked to the exploitation of CVE-2023-38831, a WinRAR flaw used to launch frequent and aggressive attacks.

The malware associated with DarkCasino, named DarkMe, functions as a Visual Basic trojan capable of information collection, screenshot capture, file and Windows Registry manipulation, command execution, and self-updating. The threat actor's geographical focus has expanded globally, reaching users of cryptocurrencies worldwide. This development has raised concerns, as multiple APT groups, including APT28, APT40, and Ghostwriter, have capitalized on the WinRAR vulnerability, posing a significant threat to critical targets such as governments in the latter half of 2023.

Interesting Read

Uncover the startling advancements in breaking RSA encryption, a threat far beyond quantum computing, in Forbes' latest must-read by Skip Sanzeri. Learn how MemComputing's breakthrough and NIST's quantum-resistant cryptography are pivotal in this escalating cybersecurity battle. Dive into the full article for crucial insights on safeguarding our digital future.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team