Afternoon Dessert - 2022-08-08

Welcome to another Afternoon Dessert breakout:

Chinese hackers use new Windows malware to backdoor govt, defense orgs
An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. [...]
Read more....

New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains
A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend
Read more....
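The Orchard item above only states that the botnet seeds its domain generation from Bitcoin transaction data instead of the clock. The security-relevant consequence is what that does to the defender: a time-seeded DGA can be enumerated and sinkholed in advance, while a chain-seeded one can only be enumerated for seed values that have already appeared on-chain. The following is an added toy illustration of that difference, not Orchard's actual algorithm (which the excerpt does not describe); the SHA-256 construction, the TLD list, the number of domains per seed and the use of a wallet balance as the seed are all assumptions.

```python
"""
Added example, not the Orchard botnet's real DGA: a toy domain-generation
algorithm driven by a seed string, run once with a date seed and once with a
seed taken from (assumed) blockchain data such as a watched wallet's balance.
Hash construction, TLDs and domain count are illustrative assumptions.
"""
import hashlib
from datetime import date, timedelta

TLDS = ["com", "net", "org"]   # assumed TLD set
DOMAINS_PER_SEED = 5           # assumed candidates per seed value


def generate_domains(seed: str, count: int = DOMAINS_PER_SEED) -> list[str]:
    """Deterministically derive `count` candidate C2 domains from `seed`."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{i}".encode()).hexdigest()
        # Map 12 hex digits onto letters a..p so the label is a plausible hostname.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        tld = TLDS[int(digest[12:14], 16) % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def time_seeded(day_iso: str) -> list[str]:
    """Conventional DGA: the seed is the calendar date (ISO string)."""
    return generate_domains(f"date:{day_iso}")


def chain_seeded(balance_satoshi: int) -> list[str]:
    """Chain-driven DGA (assumed form): the seed is a wallet balance observed on-chain."""
    return generate_domains(f"balance:{balance_satoshi}")


def precompute_time_seeded(start_iso: str, days: int) -> set[str]:
    """Defender's view of a time-seeded DGA: every future domain can be
    enumerated now, so blocklists and sinkholes can be prepared in advance."""
    start = date.fromisoformat(start_iso)
    out: set[str] = set()
    for d in range(days):
        out.update(time_seeded((start + timedelta(days=d)).isoformat()))
    return out


def blocklist_from_observed_balances(balances: list[int]) -> set[str]:
    """Defender's view of a chain-seeded DGA: domains can only be derived for
    seed values already seen on-chain, so the blocklist always lags the chain.
    `balances` is a constructed sample of observed balances, not real data."""
    out: set[str] = set()
    for b in balances:
        out.update(chain_seeded(b))
    return out


if __name__ == "__main__":
    print("time-seeded 2022-08-08:", time_seeded("2022-08-08"))
    print("chain-seeded (constructed balance 123456789):", chain_seeded(123456789))
    ahead = precompute_time_seeded("2022-08-08", 30)
    print(f"precomputed {len(ahead)} time-seeded domains for the next 30 days")
    seen = blocklist_from_observed_balances([123456789, 123456790])
    print("covered by blocklist?", set(chain_seeded(123456791)) <= seen)
```

The practical check this suggests: for a chain-seeded family, detection has to be fed by a chain watcher that recomputes the candidate set whenever the watched address changes, rather than by a nightly batch of precomputed domains; in this toy the `blocklist_from_observed_balances` set stays disjoint from the domains of any balance not yet observed.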

The Benefits of Building a Mature and Diverse Blue Team
A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea
Read more....

Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting
Read more....

Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore
A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the
Read more....

7-Eleven stores in Denmark closed due to a cyberattack
7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores' payment and checkout systems throughout the country. [...]
Read more....

Twilio discloses data breach after SMS phishing attack on employees
Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. [...]
Read more....

Traffic Light Protocol for cybersecurity responders gets a revamp
Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.
Read more....

US sanctions crypto mixer Tornado Cash used by North Korean hackers
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash today, a cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. [...]
Read more....

Slack admits to leaking hashed passwords for five years
"When those invitations went out... somehow, your password hash went out with them."
Read more....

Email marketing firm hacked to steal crypto-focused mailing lists
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. [...]
Read more....