Weekly Threat Briefing: Hacked Bulgarian Database Reaches Online Forums

July 23, 2019 | Anomali Labs

The intelligence in this week’s iteration discusses the following threats: APT, Compromise, Malspam, Phishing, Ransomware, RAT, Threat group, Underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs.

Ke3chang
The Advanced Persistent Threat (APT) group “Ke3chang” is believed to be based in China and has been active since at least 2010. FireEye researchers first identified the group in their report on a cyber espionage campaign dubbed “Operation Ke3chang” that was published on December 11, 2013. Since that initial report, the group has continued to conduct cyber espionage campaigns that target entities associated with governments, such as ministries of foreign affairs and contractors. However, specific targeting of one company within a particular industry has also been observed.

Gamaredon Group
The Advanced Persistent Threat (APT) group called “Gamaredon Group” is believed to be a Russia-based group that has been active since at least 2013. The group is known for conducting cyber espionage campaigns targeting the Ukrainian government, law enforcement officials, and military. The Lookingglass Cyber Threat Intelligence Group first reported on the group in their report on a cyber espionage campaign dubbed “Operation Armageddon” in April 2015, according to Palo Alto Networks Unit 42 researchers. This led Unit 42 researchers, in February 2017, to name the group “Gamaredon Group” because they believe the group conducted Operation Armageddon.