
Cyber News Rundown: 1.5 million customers affected by Flagstar Bank data breach

  • Threat Research Analyst
  • 4 replies

Flagstar Bank has just confirmed the number of customers affected by a December 2021 data breach after concluding their 6-month investigation. In other cybersecurity news, Fancy Bear phishing attacks have been targeting Ukrainian organizations.

BRATA Android malware upgrades to APT category of threat

What started off as an Android-based info stealer has recently been spotted with new techniques and attack patterns that have upgraded BRATA from localized malware into a full Advanced Persistent Threat (APT). BRATA reached this new category by using new techniques to remain hidden on infected systems for longer, so it can continue gathering additional information, and it now includes new phishing techniques and a secondary payload that communicates with a C&C server. The most recent campaigns by BRATA have been highly targeted, focusing on a single financial institution at a time and moving on to the next bank only once their malicious activities have been identified.

Fancy Bear phishing campaign targets Ukrainian organizations

In the last few weeks, security staff for several Ukrainian organizations have been monitoring a series of phishing attacks initiated by the Fancy Bear APT group, which operates out of Russia. Following a successful Fancy Bear attack, the victim organization is infected with the CredoMap info stealer, which begins exfiltrating cookies and account credentials from all unpatched devices. Alongside CredoMap is a payload of Cobalt Strike beacons, which can be used maliciously to gain remote access to a system and distribute additional malware payloads.

Europol confirms takedown of major phishing group

With the combined efforts of both Belgian and Dutch law enforcement agencies, 9 individuals behind an international phishing organization have been arrested, and police also raided 24 houses for firearms, cash, and other valuables. The group is responsible for millions in stolen assets and may be linked to both weapons and drug trafficking charges. Many of the victims received SMS messages or emails that claimed to be from a legitimate financial institution and asked the victim to enter their credentials, which then allowed the attackers to drain all available accounts.

Cyberattack affecting Yodel delivery service

Recently, customers waiting for a delivery from the Yodel parcel company in the UK have found that delivery and tracking information are unavailable following a cyberattack on the company’s systems. Yodel later posted an official statement on their website confirming that a security incident had occurred, was affecting a variety of their services, and was causing delays in shipping. It has yet to be confirmed if ransomware was involved, or if any interactions have taken place between Yodel and the attackers.

Flagstar Bank announces data breach affecting 1.5 million customers

Following a data breach back in early December of 2021, officials for Flagstar Bank have released their statement regarding the incident and confirmed that over 1.5 million customers have been affected. After working with security professionals for 6 months to investigate the intrusion into their systems, it is believed that any stolen information has not been leaked or used in a malicious manner. This is the second security incident to victimize Flagstar in the past year, as they were also affected by the Accellion FTP incident in December of 2020.


3 replies

tasystems
  • New Voice
  • 156 replies
  • June 28, 2022

Makes you wonder if anyone can remain protected 100% of the time...


  • New Voice
  • 86 replies
  • June 28, 2022

Some European news too this time. 😀


FasteasyPhil
New Member

So the Russian cyber criminals are now working for the same targets as the Russian state. 

Not really that surprising as they didn’t get caught in the past, now we have confirmation why.

