COMPANY BLOGPOSTED Sep 1, 2023

Threat Intelligence Report - September 1, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.

NetFire Threat Intelligence Team

University of Michigan Shuts Down Internet After Cybersecurity Incident

The University of Michigan temporarily disabled its internet access due to a major cybersecurity incident just as the new academic year began, affecting essential campus IT systems, including those for research, fundraising, and potentially delaying financial aid. The exact cause of the outage was not detailed, but the university's statements implied malicious cyber activity, coming shortly after a White House meeting emphasized the importance of safeguarding educational institutions from cyber threats.

Paramount Breached and Personal Info Leaked

Paramount Global, a major American entertainment company, reported a data breach after hackers accessed its systems, compromising personally identifiable information (PII) like names, birth dates, and government-issued IDs of fewer than 100 individuals between May and June 2023. While the exact details of the breach remain undisclosed, it was clarified that the incident wasn't a ransomware attack or related to the recent Clop-led MoveIT data theft campaigns.

Forever 21 Breached Again Affecting Half a Million People

Clothing retailer Forever 21 reported a data breach affecting over 539,000 individuals, which took place over three months starting in January 2023; compromised data includes personal details and information about employees' health plans. This breach, whose details remain unclear, marks the company's second significant cybersecurity incident following a 2017 theft of credit card data from its in-store payment systems.

Medical Food Delivery Service PurFoods Breached Affecting 1.2 Million

PurFoods, an American meal delivery company serving individual customers and over 500 health-related entities, experienced a data breach impacting over 1.2 million customers, exposing personal identifiers like Social Security numbers, health insurance details, and potentially medical information. The breach, caused by a malicious actor, was discovered in July but occurred in January, and while PurFoods claims no evidence of misuse, they have offered credit monitoring services to affected individuals and are bolstering their security measures.

Trojanized Signal and Telegram Apps Deliver Spyware on Google Play

Trojanized versions of popular messaging apps Signal and Telegram, named 'Signal Plus Messenger' and 'FlyGram,' were uploaded to Google Play and Samsung Galaxy Store by the Chinese APT hacking group GREF. These compromised apps contained BadBazaar spyware capable of tracking device location, stealing personal data, and even linking a victim's Signal accounts to attacker-controlled devices, primarily targeting users in multiple countries including Ukraine, Poland, the U.S., and others.

BONUS - Happy Labor Day Weekend! Keep a close eye on this one.

Telegram Based Classiscam Fraud as a Service Expands Reach

The "Classiscam" fraud-as-a-service operation has expanded its scope, now targeting 251 brands and banking credentials in 79 countries, with the criminal activity coordinated through 1,366 Telegram channels. Using advanced phishing kits, the operation has become more automated and sophisticated, featuring fake bank login pages and balance checks, and is linked to 393 criminal gangs that have collectively caused an estimated total damage of $64.5 million by scamming users and stealing their financial information.

Follow NetFire and stay tuned for more insights.

#NetFireThreatIntelligence #ThreatIntelligence #NetFire #UMich #Paramount #Forever21 #PurFoods #Classiscam #NetOnFire