Government
Polyclinic Of Russian Presidential Administration Suffers Zero-Day Attack
4 - 11 December 2018
One of the polyclinics of the Presidential Administration of Russia suffered an APT attack at the end of November, after victims received a lure document that exploited an Adobe Flash zero-day (CVE-2018-15982) to download malware with self-destruction functions.

The polyclinics mainly serve civil servants of the highest authorities of the Russian Federation and high-profile figures from the science and art sectors. The sensitive nature of the polyclinic and its patients, as well as the timing of the attack shortly after the recent Kerch Strait incident between Ukraine and Russia, suggest that the attack could be highly targeted with political undertones.
References:
[1] Operation Poison Needles - APT Group Attacked the Polyclinic of the Presidential Administration of Russia, Exploiting a Zero-day
Weekly Comments
While some APT groups have been avoiding the use of custom malware and adopting off-the-shelf tools to minimise suspicion and hinder attribution of attacks, there are still prominent groups that continue to invest heavily in developing and refining custom backdoors, as well as hunting for zero-days.

Survey Error Exposes Patient Data From Thielen Student Health Center
An error with the keying in of patient information for a patient satisfaction survey at Thielen Student Health Center (TSHC) enabled 600 patients to see the names, appointment dates, and medical providers of other patients.

Stolen Pencil APT Campaign Targets Academic Institutions Since May
The Stolen Pencil APT campaign, which has links to North Korea, has been targeting academic institutions since at least May 2018.

Netflix Phishing Emails Fool Unsuspecting Recipients
Attackers have been disseminating phishing emails in the name of Netflix to fool unsuspecting recipients.

TheDarkOverLord Hacks Channel Ship Services
TheDarkOverLord hacked Channel Ship Services, a specialist offshore maritime recruitment and placement company operating out of the Channel Islands, and pilfered confidential documents such as seafarer agreements and contracts that specify contractors’ names, passport numbers, wage rates, and other contractual provisions.

East European ATMs Raided Using KoffeyMaker Toolkit
Researchers found that cybercriminals had raided the ATMs of several East European banks between 2017 and 2018 using a toolkit dubbed KoffeyMaker.