Researchers have been tracking a new remote access trojan (RAT) called SharpRhino, which is being distributed disguised as a download of a well-known IP scanning tool widely used by IT professionals. SharpRhino has served as the initial access vector in a number of ransomware attacks throughout 2024, mostly by the Hunters International ransomware group. The main executable arrives as an innocuous-looking installer, “ipscan-3.9.1-setup.exe” (the name mimics the Angry IP Scanner installer), and carries an embedded zip archive whose contents are used to establish persistence and run additional malicious tasks. The practical check is the usual one for any admin tool fetched from a search result or third-party mirror: download only from the project's own site, and compare the installer's hash and code-signing certificate with what the vendor publishes before running it.
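As an added illustration (example code written for this page, not SharpRhino's code or anything from the reporting), the Go program below performs the triage check a responder would run on a suspect installer: it scans the raw bytes for ZIP local file headers and lists the embedded file names, without relying on the archive's end-of-central-directory record, so it also finds an archive that was appended to or buried inside a PE file. The sample installer it builds, the "MZ" prefix, the padding and the entry names payload/loader.dll and payload/persist.cmd are all constructed for the demo.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"fmt"
)

// EmbeddedEntry is one ZIP local file header found inside a host binary.
type EmbeddedEntry struct {
	Offset int    // byte offset of the "PK\x03\x04" signature in the host file
	Name   string // file name carried by the local header
}

// FindEmbeddedZipEntries scans any byte blob (for example an installer EXE) for
// ZIP local file headers and reports the file names they carry. It deliberately
// ignores the end-of-central-directory record, so it still works when the
// archive was appended to, or buried inside, a PE file.
func FindEmbeddedZipEntries(blob []byte) []EmbeddedEntry {
	const headerLen = 30 // fixed part of a local file header
	sig := []byte{'P', 'K', 0x03, 0x04}
	var entries []EmbeddedEntry
	pos := 0
	for pos < len(blob) {
		i := bytes.Index(blob[pos:], sig)
		if i < 0 {
			break
		}
		off := pos + i
		if off+headerLen > len(blob) {
			break
		}
		// name length at offset 26, extra-field length at 28 (little-endian uint16)
		nameLen := int(binary.LittleEndian.Uint16(blob[off+26:]))
		extraLen := int(binary.LittleEndian.Uint16(blob[off+28:]))
		nameStart, nameEnd := off+headerLen, off+headerLen+nameLen
		if nameLen == 0 || nameEnd > len(blob) {
			pos = off + len(sig) // signature bytes without a sane header: skip them
			continue
		}
		entries = append(entries, EmbeddedEntry{Offset: off, Name: string(blob[nameStart:nameEnd])})
		pos = nameEnd + extraLen
	}
	return entries
}

// BuildSampleInstaller constructs a stand-in for a trojanized installer: a fake
// "MZ" header plus padding, with a small ZIP appended at the end. The archive
// contents are invented for this example and are not SharpRhino's.
func BuildSampleInstaller() []byte {
	var archive bytes.Buffer
	zw := zip.NewWriter(&archive)
	for _, f := range []struct{ name, body string }{
		{"payload/loader.dll", "placeholder bytes"},
		{"payload/persist.cmd", "echo placeholder"},
	} {
		// Store (no compression) keeps the sample deterministic and readable.
		w, err := zw.CreateHeader(&zip.FileHeader{Name: f.name, Method: zip.Store})
		if err != nil {
			panic(err)
		}
		if _, err := w.Write([]byte(f.body)); err != nil {
			panic(err)
		}
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	host := append([]byte("MZ"), bytes.Repeat([]byte{0x90}, 512)...) // stand-in for PE headers and code
	return append(host, archive.Bytes()...)
}

func main() {
	sample := BuildSampleInstaller()
	for _, e := range FindEmbeddedZipEntries(sample) {
		fmt.Printf("embedded ZIP entry at offset %d: %s\n", e.Offset, e.Name)
	}
}
```

Point it at a real file by reading it with os.ReadFile and passing the bytes to FindEmbeddedZipEntries; a legitimate installer that is itself a self-extracting archive will also show entries, so treat a hit as a reason to look closer, not as a verdict on its own.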
Ransomware attack takes down French museum financial systems
Over the weekend, staff at several French museums noticed unusual activity on their internal financial systems, which was later determined to be a ransomware attack. Although one of the affected institutions, the Grand Palais, is currently hosting Olympic events, none of the systems supporting those events were compromised. The group behind the attack has not yet been identified, but it has demanded that a ransom be paid within 48 hours, threatening to publish the stolen financial data on a leak site otherwise.
Hackers breach mobile management app to wipe student devices
Students across Singapore have been struggling to use their Chromebooks after hackers breached the mobile device management (MDM) platform Mobile Guardian and remotely wiped nearly 13,000 devices. This is the second breach Mobile Guardian has suffered this year: in April, attackers compromised its user management portal and accessed sensitive data belonging to thousands of parents and school staff.
Chinese hackers compromise ISP software updates
Researchers have been monitoring a Chinese hacking group known as StormBamboo, which compromised an unnamed internet service provider (ISP) and abused software updaters that fetch updates over plain, unauthenticated HTTP to distribute malware to the ISP's customers. The weakness is the updater's, not only the ISP's: a client that downloads and runs whatever arrives over HTTP, with no signature check, lets anyone positioned on the path answer the update request with a payload of their choosing. StormBamboo has been active since 2012 under a variety of names and has targeted dozens of organizations across multiple Southeast Asian countries.
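To make that failure mode concrete, here is an added example in Go (written for this page, not code from the ISP, any affected vendor or the researchers) showing the two updater designs side by side. An in-process http.RoundTripper stands in for the network path so the demo runs without sockets; when set to "on path" it swaps the binary the way a compromised ISP can on plain HTTP. The vendor host vendor.example, the file names update.bin and update.bin.sig, and the update bytes are all assumptions for the demo. The insecure client accepts whatever comes back; the hardened client refuses non-https URLs and verifies a detached Ed25519 signature under a public key pinned in the client before accepting the file.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/url"
)

// Constructed sample artifacts (not real software): the vendor's genuine update
// and what an on-path attacker substitutes for it.
var (
	genuineUpdate  = []byte("GENUINE-UPDATE-v3.9.1")
	tamperedUpdate = []byte("TROJANIZED-UPDATE")
)

// NewVendorKeys generates the vendor's Ed25519 signing key pair for the demo.
// Only the public half ships inside the client.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// hijackedTransport is an in-process stand-in for the network path between the
// updater and the vendor. It serves the vendor's files; with onPath set it does
// what a compromised ISP can do to plain HTTP: return a different binary while
// leaving everything else (including the signature file) untouched.
type hijackedTransport struct {
	files  map[string][]byte
	onPath bool
}

func (t *hijackedTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	body, ok := t.files[r.URL.Path]
	status := http.StatusOK
	if !ok {
		status, body = http.StatusNotFound, nil
	} else if t.onPath && r.URL.Path == "/update.bin" {
		body = tamperedUpdate
	}
	return &http.Response{
		StatusCode: status,
		Header:     make(http.Header),
		Body:       io.NopCloser(bytes.NewReader(body)),
		Request:    r,
	}, nil
}

// NewUpdateClient wires the vendor's files (binary plus detached Ed25519
// signature) behind an http.Client that routes through hijackedTransport.
func NewUpdateClient(priv ed25519.PrivateKey, onPath bool) *http.Client {
	files := map[string][]byte{
		"/update.bin":     genuineUpdate,
		"/update.bin.sig": ed25519.Sign(priv, genuineUpdate),
	}
	return &http.Client{Transport: &hijackedTransport{files: files, onPath: onPath}}
}

func get(c *http.Client, u string) ([]byte, error) {
	resp, err := c.Get(u)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET %s: status %d", u, resp.StatusCode)
	}
	return io.ReadAll(resp.Body)
}

// FetchUpdateInsecure is the pattern the abused updaters followed: fetch the
// binary over whatever transport the URL names and trust the bytes.
func FetchUpdateInsecure(c *http.Client, u string) ([]byte, error) {
	return get(c, u)
}

// FetchUpdateVerified refuses plaintext HTTP and accepts a binary only if its
// detached signature verifies under the pinned publisher key, so a payload
// swapped on the wire fails closed even when the transport was hijacked.
func FetchUpdateVerified(c *http.Client, u string, pinned ed25519.PublicKey) ([]byte, error) {
	parsed, err := url.Parse(u)
	if err != nil {
		return nil, err
	}
	if parsed.Scheme != "https" {
		return nil, errors.New("refusing update over non-TLS transport")
	}
	body, err := get(c, u)
	if err != nil {
		return nil, err
	}
	sig, err := get(c, u+".sig")
	if err != nil {
		return nil, err
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pinned, body, sig) {
		return nil, errors.New("update signature does not verify against pinned key")
	}
	return body, nil
}

func main() {
	pub, priv := NewVendorKeys()
	const updateURL = "https://vendor.example/update.bin" // hypothetical vendor host

	hijacked := NewUpdateClient(priv, true)
	got, _ := FetchUpdateInsecure(hijacked, updateURL)
	fmt.Printf("insecure client installed: %q\n", got)

	_, err := FetchUpdateVerified(hijacked, updateURL, pub)
	fmt.Println("verified client on hijacked path:", err)

	got, err = FetchUpdateVerified(NewUpdateClient(priv, false), updateURL, pub)
	fmt.Printf("verified client on clean path: %q, err=%v\n", got, err)
}
```

The signature pinning is what carries the weight here: TLS alone stops a plaintext rewrite in transit, but a pinned publisher key also catches a swapped file served from a hijacked or compromised origin, and the client fails closed when the signature is missing or malformed.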
Interpol assists with BEC scam recovery
In the last few weeks, staff of Interpol’s Global Rapid Intervention of Payments (I-GRIP) network have been working to recover funds stolen in a $40 million business email compromise (BEC) scam in Singapore. The unnamed Singaporean commodity firm wired a large payment to a bank account supplied in an email that spoofed a legitimate vendor, and the fraud was discovered only several days later, when the real vendor asked about the missing payment. Fortunately, I-GRIP traced the fraudulent payment quickly and blocked the transfer before the funds reached the scammer’s account.