
ZeroFox Daily Intelligence Brief - June 20, 2023

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find below today’s daily roundup, intended to give you and your clients an advantage over the adversary.

Brief Highlights

  • Clop Ransomware Breached Prominent Organizations—Over 50 Victims Named in Leaksite
  • Suspected China-Based Hackers Target Government Officials and Institutions Following G7 Meeting
  • Killnet Attacks Public Website of European Investment Bank via DDoS
  • Vulnerabilities: CVE-2023-3320 and CVE-2023-3216
  • Exploits: CVE-2019-16116 and CVE-2016-2555
  • Breaches: BreachForums/XSS: Shotbow Data Breach and Credit Card Data Breach: 2023-6-19

Clop Ransomware Breached Prominent Organizations—Over 50 Victims Named in Leaksite

ZeroFox Intelligence has observed over 50 victims listed—with new names surfacing each day—in the Clop ransomware group’s leaksite after the gang’s exploit of a MOVEit Transfer bug (CVE-2023-34362). The target organizations span Europe, Australia, and North America, encompassing diverse industries including finance, healthcare, IT, pharmaceuticals, and education. Notable victims include Shell, British Airways, several U.S. federal agencies and universities, the American Board of Internal Medicine, Heidelberger Druck, Telos, and Landal Greenparks, among others.

Suspected China-Based Hackers Target Government Officials and Institutions Following G7 Meeting

Suspected China-based hackers targeted government officials from Australia, France, Singapore, and the United Kingdom following the recent G7 summit in Japan. The hackers attempted to install malicious software on target devices by sending emails purportedly from Indonesia's ministries of Foreign and Economic Affairs. It remains unclear whether these hackers were directly backed by the Chinese regime.

Killnet Attacks Public Website of European Investment Bank via DDoS

After a much-hyped threat to disrupt the “Western banking infrastructure” in retaliation for European support to Ukraine, Russian hacktivist group Killnet claimed responsibility for a distributed denial-of-service (DDoS) attack on the European Investment Bank (EIB). The bank has confirmed the claim, stating that a cyberattack affected the availability of two public-facing websites, eib[.]org and eif[.]org. The two websites are still inaccessible at the time of reporting.

VULNERABILITIES

  • CVE-2023-3320 - The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.
  • CVE-2023-3216 - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

EXPLOITS

  • CVE-2019-16116 - CompleteFTP Professional 12.1.3 - Remote Code Execution
  • CVE-2016-2555 - ATutor 2.2.1 - SQL Injection / Remote Code Execution

BREACHES

Tags: DIB, tlp:green