Cyber Blurbs: SolarWinds Gets Hit Again

In this week’s Cyber Blurbs Roundup, we go over the latest attack against SolarWinds, the disappearance of a vicious ransomware group, and a zero-day vulnerability found within iOS devices.

Notorious Ransomware Gang Goes Dark

REvil, the ransomware group claiming responsibility for some of the higher-profile cyber attacks of the last year, has disappeared from the internet. The group’s dark web-hosted page went offline on July 13, about 10 days removed from its latest attack against American company Kaseya.

The group’s disappearance also came just a few days following an official response from the White House, with US President Joe Biden saying he’d reached out to Russian President Vladimir Putin to combat the attacks taking place against American companies. There is no indication that the group’s disappearance was a direct result of the Biden Administration’s call to action. 

As noted, REvil had made plenty of headlines over the last 12 months, though none more notable than its attack against Kaseya. The group reportedly requested more than $70 million in bitcoin following a Fourth of July weekend hack against Kaseya and its customers, which is said to have impacted as many as 1,500 businesses across the globe. Also on REvil’s resume are attacks against the world’s largest meat supplier, JBS, and computer company Acer (which in turn resulted in a headache for Apple).

The group has reportedly raked in approximately $11 million in ransomware attacks, according to CNN.  

Microsoft Spots New Critical SolarWinds Vulnerability

It has not been a good year for SolarWinds. Previously one of the premier IT management and software companies in the world, the company has found itself on the wrong end of numerous high-profile attacks since the start of 2020. 

Earlier this month, Microsoft discovered a zero-day vulnerability in SolarWinds’ Serv-U product line, privately notifying the company of the problem. SolarWinds later issued a hotfix for the flaw, but not before bad actors could take advantage. Days after news of the vulnerability became public, Microsoft announced the vulnerability had been exploited by what appears to be a China-based hacker.

“Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company wrote in a blog post.

The vulnerability provides hackers with the ability to gain elevated system privileges to run malicious code remotely. The possibilities from there aren’t quite endless, but they are extensive enough to cause considerable concern for SolarWinds and its customers.

SolarWinds first made headlines late last year, as the company was revealed to have suffered a massive attack that impacted numerous federal agencies. 

SolarWinds Hackers Target iOS Users

Google recently discovered a zero-day vulnerability associated with iPhones, publishing its findings in a blog post earlier this month. In a joint effort with Microsoft, security researchers at Google said the same Russian state hackers who targeted SolarWinds last year also targeted iOS users via a malicious email campaign aimed at stealing login credentials from Western European governments.

Google says users were targeted on LinkedIn, providing them with malicious links that redirected them to harmful websites to install malicious payloads. Worse yet, the report from Google states that fully updated iPhones were also at risk.

According to Google’s Project Zero, this is just the latest zero-day attack in what’s been an awfully busy year for hackers and security experts. Per the report, 2021 has already seen 33 such attacks, whereas 2020 brought 11.

You can read the full report from Google here.