September 11, 2023
CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Telegram Clones Deliver Malware
Malicious Telegram clones on Google Play have infected over 60,000 users, stealing their messages, contacts, and data. The clone apps primarily target Chinese users, possibly linked to state monitoring efforts. Users should use only official messaging apps and avoid downloading unofficial versions that promise extra features, at the risk of having their devices infected with malware. Google struggles to prevent malicious applications on the Play Store, as these are added via updates by publishers after the apps have been initially screened.
Microsoft Teams Messages Exploit Phishing Campaign
A phishing campaign is leveraging Microsoft Teams messages to deliver DarkGate Loader malware. Beginning in August 2023, the campaign used compromised Office 365 accounts from a victim organization to send deceptive messages containing malicious attachments to other organizations. These attachments, disguised as “Changes to the vacation schedule,” trigger the download of a ZIP file, ultimately leading to the DarkGate Loader payload. Microsoft hasn’t addressed this exploit directly, but recommends businesses apply safe configurations and disable external Teams access to protect themselves.
Ragnar Locker Claims Israeli Hospital Attack
Ransomware group Ragnar Locker took responsibility for the cyberattack on Israel’s Mayanei Hayeshua hospital, threatening to release 1 TB of stolen data. Although they refrained from encrypting devices to avoid disrupting operations at the healthcare facility, the attackers extracted sensitive information, including medical records, procedure details, and prescriptions. Over 420 GB of data has already been published, with more expected to follow. Hospitals are lucrative targets for criminals, who leverage stolen private patient data to demand substantial ransoms.
By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500