Outbound cyberattacks emerging from North Korea attributed to APT group Lazarus went down last week. The five countries that were constantly targeted by this group reported lesser attacks and the number of phising emails interecepted also registred a decline during this period. This could mean that the hackers are preparing for something bigger or that they are in the process of reviewing their tactics. Another possibility is that they may have uncovered data of significance and are analyzing that as we speak.
Attacks on manufacturing plants and healthcare continues to rise for the 7th consecutive week. Most of these attacks were coming in from the South-East Asia and Middle East regions and targets included countries in Western Europe and North America where many manufacturing plants that were shut down or were functioning at partial capacity due to the pandemic scaled up their operations.
Hackers are targeting multiple agencies for gathering information on their targets. A note floating on the Dark Web intercepted by Subex’s threat research team shows a clear preference among hackers for subscription-based online directories, industry associations and even CRM data. The data gathered from such sources illegally is used by hackers to launch targeted attacks. Some of this data is also being sold on the Dark Web.
Weekly advisory
We expect the attacks on these sectors to grow this week
- Manufacturing plants and maritime agencies
- Defense establishments
- Healthcare
- Utility entities
- Financial services
- Government websites and agencies – especially lawmakers and government agencies connected with internal/homeland security