Government

Polyclinic Of Russian Presidential Administration Suffers Zero-Day Attack

4 - 11 December 2018
One of the polyclinics of the Presidential Administration of Russia suffered an APT attack at the end of November, after victims received a lure document that exploited an Adobe Flash zero-day (CVE-2018-15982) to download a malware with self-destruction functions.
One of the polyclinics of the Presidential Administration of Russia suffered an APT attack at the end of November, after victims received a lure document that exploited an Adobe Flash zero-day (CVE-2018-15982) to download a malware with self-destruction functions. The polyclinics mainly serve civil servants of the highest authorities of the Russian Federation and high-profile figures from the science and art sectors. The sensitive nature of the polyclinic and its patients, as well as the occurrence of the attack after the recent Kerch Strait incident between Ukraine and Russia, suggest that the attack could be highly targeted with political undertones. 

References:
[1] Operation Poison Needles - APT Group Attacked the Polyclinic of the Presidential Administration of Russia, Exploiting a Zero-day
 
 

More Weekly Cyber Newsanalysis and insights

Weekly Comments

03 Dec 2018
While some APT groups have been avoiding the use of custom malware and adopting off-the-shelf tools to minimise suspicion and attribution of attacks, still there are prominent groups that continue to invest heavily in developing and refining custom backdoors, as well as hunting for zero-days.

Survey Error Exposes Patient Data From Thielen Student Health Center

03 Dec 2018
An error with the keying in of patient information for a patient satisfaction survey at Thielen Student Health Center (TSHC) enabled 600 patients to see the names, appointment dates, and medical providers of other patients.

Stolen Pencil APT Campaign Targets Academic Institutions Since May

03 Dec 2018
The Stolen Pencil APT campaign, which has links to North Korea, has been targeting academic institutions since at least May 2018.

Netflix Phishing Emails Fool Unsuspecting Recipients

03 Dec 2018
Attackers have been disseminating phishing emails in the name of Netflix to fool unsuspecting recipients.

TheDarkOverLord Hacks Channel Ship Services

03 Dec 2018
TheDarkOverLord hacked Channel Ship Services, a specialist offshore maritime recruitment and placement company operating out of the Channel Islands, and pilfered confidential documents such as seafarer agreements and contracts that specify contractors’ names, passport numbers, wage rates, and other contractual provisions.

East European ATMs Raided Using KoffeyMaker Toolkit

03 Dec 2018
Researchers found that cybercriminals had raided the ATMs of several East European banks between 2017 and 2018 using a toolkit dubbed KoffeyMaker.
Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Learn more
Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Learn more
Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Learn more
Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence

Learn more