TL;DR: Cyber-Hoax and Infected Template (33rd week)

A ransomware group mistook its victim for a similar organisation and began to blackmail the wrong company; security researchers detected a unique vector for spreading malware; and a hacking enthusiast described at a conference how he took control of a satellite.

Cyber-hoax of ransomware group

South Staffordshire Water, a company supplying drinking water to 1.6 million consumers in the UK, has become the target of a Clop ransomware attack. The cybercriminals made a mistake and announced that they had accessed the systems of another (London-based) company, Thames Water, and could manipulate them to harm the water supply of 15 million customers. Thames Water described the attack as a cyber-hoax. That the attackers misidentified their victim is indicated not only by the stolen data they published as evidence of the attack, but also by South Staffordshire Water's statement about the attack.

Unique vector for spreading malware

Security researchers published information about a hacking campaign targeting Ukraine. The campaign, attributed to the Russian APT group Gamaredon, uses malware that alters the default Word template (Normal.dotm) via a specially crafted macro. Each new document created by the victim is then used to further spread the malware.

Fine for Google

The Australian Competition and Consumer Commission (ACCC) announced that Google was fined 60 million dollars for misleading Australian Android users regarding the collection and use of their location data between January 2017 and December 2018.

Dozens of malicious apps

Security researchers at Bitdefender published a list of 35 malicious apps spreading through the Google Play Store platform on Android devices. The apps have been downloaded on more than 2 million devices, and once installed, they start displaying aggressive ads on the compromised device. To conceal their presence, the apps change both their name and icon after installation, increasing the chance that a less experienced victim will not find the malicious app.


  • BlackByte ransomware group is working with a new version of ransomware. The group also has a new website and has started utilizing new extortion techniques borrowed from the LockBit ransomware group.
  • Cleafy security researchers published a report on SOVA, a new banking trojan for Android devices. In the report, they disclosed that the malware has a new ransomware functionality: encrypting the victim’s data with the AES algorithm.
  • Shadytel, a member of the “hacking enthusiasts”, disclosed at the DEF CON hacking conference that he and his friends were able to legally control the Anik F1R satellite, decommissioned in 2020. They were just playing with the satellite, streaming classic hacker movies, and needed a €300 tool and access to an unused uplink facility to connect to the satellite.
  • Three Nigerians were extradited from the UK to the US for their collaboration in business email compromise and money laundering. Together they are liable for financial damages worth 5 million dollars.
  • The Judiciary of Córdoba in Argentina was hit by a Play ransomware attack. The attack disabled the Court’s IT systems and databases, fundamentally affecting its operations. The attack is under investigation, and so far it is not clear whether the cybercriminals have accessed the data.
  • Ponemon Institute security researchers published a report focusing on data leakage methods. The report shows that, for example, 54% of incidents were caused by the theft of login credentials and 59% of organizations do not cancel access for employees who no longer need it.
