Cyber News Rundown: Fake browser update pushes macOS infostealer

  • February 24, 2025
  • Threat Research Analyst

Researchers have identified a new info-stealing malware that has been targeting macOS devices and is being distributed as a browser update to victims who access the compromised website. This infostealer, dubbed FrigidStealer, is being used by known threat group TA2727 to exfiltrate credentials and other finance-based information that may allow them access to banking data and cryptocurrency. TA2727 has also been spotted using LummaStealer and other infostealers that are focused on both Windows and Android systems, using their tactics to target a large range of victims.

Sarcoma ransomware breaches Taiwanese electronics manufacturer

Recently, the threat actors behind the Sarcoma ransomware group have published a 377GB trove of data that was allegedly stolen from the Taiwanese PCB manufacturer Unimicron, and have given the company about 1 week to pay the demanded ransom before the data is made available. It is believed that this data was stolen during a ransomware attack on one of Unimicron’s subsidiaries on January 30th, though there has been no disclosure of a data breach yet.

Australian IVF provider suffers data breach

Over the last week, officials for the Australian fertility service provider, Genea, revealed that they had identified a security intrusion into their systems and were forced to take several operational systems offline. In the days since this incident was first discovered, the investigation is still ongoing to determine how the hackers were able to gain access to the network and if any sensitive employee or patient information was compromised. Genea staff are working on informing all current patients if any of their scheduled treatments need to be adjusted.

Snake Keylogger emerges with new tactics

As one of the most prolific infostealers in the world, Snake Keylogger has recently received several updates to enhance its capabilities for exfiltrating stolen data and remaining undetected. With most of its victims coming from Southeast Asia, Snake Keylogger is active in many countries around the world and is typically distributed through malicious email attachments that originate from phishing campaigns. It uses process hollowing to remain undetected by injecting malicious code into well-known Windows processes to gather credentials and exfiltrate them to off-site servers.

Venture capital firm falls to social engineering

In the middle of January, staff at the New York-based venture capital firm Insight Partners identified unauthorized activity in their network, which they claim was due to a social engineering attack against their employees. As the investigation is ongoing, it has yet to be revealed if ransomware was deployed for encryption or if any customer information was exfiltrated during the incident.

4 replies

Jasper_The_Rasper
Moderator

Thank you ​@ConnorM 


TripleHelix
Moderator
  • February 25, 2025

Thanks ​@ConnorM 😎


ProTruckDriver
Moderator

Thank you Connor. 😎


russell.harris
Popular Voice

Cheers as always ​@ConnorM 

