Posts

Showing posts from August, 2021

Returning FIN8 Backdooring with New Sardonic Malware

A recent research whitepaper published by Bitdefender's security researchers outlines the evolving capabilities of FIN8 and the differences between multiple BADHATCH versions, written after the detection of a new malware being dubbed Sardonic. FIN8 has been active since the beginning of 2016 and is best known for attacking industries like retail, restaurant, hospitality, healthcare, and entertainment with the goal of harvesting payment card information from point-of-sale (POS) systems. Their arsenal includes tools like BADHATCH, PoSlurp, PowerSniff and multiple Windows zero-day exploits, with tactics like spear-phishing. Over the years, FIN8 has orchestrated multiple large-scale campaigns that have impacted hundreds of companies. The Sardonic malware is a new C++-based backdoor being developed and deployed by FIN8 on targets via spear-phishing and social engineering campaigns. Functionalities of the new malware include the following: system information harvesting, command execution on compromi...

UPS XSS Vulnerability Used in Sophisticated Phishing Attacks

Recent reports have indicated fraudsters leveraging an XSS vulnerability on UPS.com to issue fake UPS Invoice Microsoft Word docs. UPS, for the very few who are not familiar, is the United Parcel Service, a popular American shipping, receiving and supply-chain management company. Researcher Daniel Gallagher first encountered the scam as an email pretending to be from UPS, claiming that a package had an "exception" and needed to be picked up by the customer. The threat actor uses an XSS vulnerability in UPS.com to modify the regular look of the website so that it appears to be a legitimate download page. This vulnerability allows the fraudster to push a malicious doc through a remote Cloudflare worker while making it look like it came from UPS.com. The email itself contains multiple legitimate links that likely serve only to legitimize the email. The tracking number, however, is a link to the UPS site that contains the exploit for an XSS vulnerability that will inject JavaScript i...

AT&T Denying Data Breach After Hacker Auctions Data

A well-known hacker, ShinyHunters, listed a database containing personal information on 70 million AT&T customers on a popular criminal forum yesterday. The starting price of this data is $200,000 USD with incremental offers at $30,000 USD, but ShinyHunters stated that he/she would sell the data immediately for $1 million. From the samples shared by Shiny, it seems the database contains information like names, addresses, phone numbers, SSNs and birth dates. An anonymous researcher told reporters that two of the four people in the samples had confirmed att.com accounts. Not much else is known about how this information was obtained, as AT&T stands firmly behind its assertion that the data did not come from them. ShinyHunters, however, is a well-known and accomplished hacker with a history of compromising web pages and developer repositories with the goal of harvesting credentials and API keys. Shiny uses this information to then steal databases and sells thos...