Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 28, 2018
Top Breaches Reported in the Last 24 Hours
Russian hackers target Orthodox Christians
The Russia-backed hacking group Fancy Bear spent years trying to steal the private correspondence of some of the world's most senior Orthodox Christian figures. The targets included top aides to Ecumenical Patriarch Bartholomew I. The campaign is reportedly part of the Kremlin's effort to help Moscow’s Patriarch Kirill remain head of the Ukrainian Orthodox Church.
Atlas Quantum breach
Cryptocurrency investment platform Atlas Quantum suffered a data breach that exposed the personal details of over 260,000 users. The exposed data included names, telephone numbers, email addresses and account statements. Atlas Quantum said the hackers did not steal any funds from users' accounts. Some features of the platform have been temporarily disabled as a security precaution.
ABBYY breach
ABBYY, the maker of optical character recognition software, suffered a breach caused by an unprotected MongoDB database. Over 200,000 sensitive documents were exposed. The exposed data includes corporate emails and encrypted passwords, contracts, memos, letters, and other documentation.
Top Malware Reported in the Last 24 Hours
Android.Banker.L
Android.Banker.L is a newly discovered Android trojan described as all-in-one malware: it combines the functionality of banking trojans, keyloggers, and ransomware to compromise victim devices and steal data. Android.Banker.L can forward calls, record sound, log keystrokes and deploy ransomware. The trojan is also able to launch the device browser with a URL received from its C&C server, which it contacts via Twitter.
RtPoS malware
A new family of PoS malware, dubbed RtPoS, has been discovered. The malware uses basic obfuscation and masquerades as the Windows Logon Service. After compromising the machine, RtPoS obtains a list of running processes and iterates through it. The malware is capable of stealing payment card data and can remain undetected for longer than other malware variants, since it saves stolen data locally instead of sending it to a C2 server. RtPoS is suspected to be a post-compromise tool and may be part of a larger toolset that has yet to be identified.