We publish this weekly threat intelligence brief to keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!
“U.S. authorities […] announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation’s biggest financial institutions and brokerage firms […]. The defendants are accused of hacking into [the largest U.S. bank] in 2014, stealing the names, addresses, phone numbers and email addresses of the holders of some 83 million accounts at the financial institution – a breach that the Justice Department has dubbed the ‘largest theft of customer data from a U.S. financial institution in history.’”
Legal and Regulation
“Attorney General Loretta E. Lynch, U.S. Attorney Preet Bharara of the Southern District of New York, Assistant Director in Charge Diego Rodriguez of the FBI’s New York Field Office and Special Agent in Charge Robert J. Sica of the U.S. Secret Service (USSS) New York Field Office announced today the unsealing of a superseding indictment charging Gery Shalon, aka “Garri Shalelashvili,” “Gabriel,” “Gabi,” “Phillipe Mousset” and “Christopher Engeham,” with orchestrating massive computer hacking crimes against U.S. financial institutions, brokerage firms and financial news publishers, including the largest theft of customer data from a U.S. financial institution in history (the U.S. Financial Sector Hacks). Shalon is charged with committing these crimes with Joshua Samuel Aaron, aka “Mike Shields,” in furtherance of securities market manipulation schemes that Shalon and Aaron perpetrated with defendant Ziv Orenstein, aka “Aviv Stein” and “John Avery” in the United States.”
“Dubbed by the security firm “Cherry Picker,” the threat has been around since at least 2011, but it managed to stay under the radar thanks to its sophisticated functionality and use in highly targeted attacks. In 2011, Trustwave started analyzing several pieces of malware designed to inject processes with cardholder data. One of these toolsets consisted of two components: sr.exe, which is a command line interface, and searcher.dll, which got injected into targeted processes by sr.exe. This toolset was often found on infected systems alongside other threats, such as a PoS malware created using the AutoIt scripting language, and Rdasrv, one of the earliest PoS RAM scrapers.”
– Security Week
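The RAM-scraping technique behind Rdasrv and the Cherry Picker toolset in the excerpt above, as an added example that is not part of the original brief or of Trustwave's analysis: a small scanner that searches a memory buffer for magnetic-stripe track 1 and track 2 records and uses the Luhn check to discard digit runs that merely look like card numbers. The regexes, the `Hit` type, the `scan_memory`/`card_data_hits` functions and the sample buffer are constructed for illustration (the 4111... number is the standard test PAN, not a real card). A scraper would obtain the buffer by reading another process's memory, for example with `ReadProcessMemory` on Windows; a defender would run the same search over a memory dump to confirm that cardholder data was exposed in a given process.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Magnetic-stripe track formats as they appear in a PoS process's memory.
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
# Both a RAM scraper and a defender's memory scanner key on these sentinels.
# (Regexes constructed for this example; real track data has more variants.)
TRACK1_RE = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[A-Z0-9 /.]{2,26})\^(?P<yy>\d{2})(?P<mm>\d{2})\d{3}"
)
TRACK2_RE = re.compile(rb";(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})\d{3}")


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test: rejects digit runs that only look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the BIN and last four only; a scanner must never log a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Hit:
    track: int
    offset: int      # byte offset of the record in the scanned buffer
    masked_pan: str
    expiry: str      # MM/YY
    luhn_ok: bool


def scan_memory(buf: bytes) -> list[Hit]:
    """Find every track 1 / track 2 shaped record in buf, ordered by offset."""
    hits: list[Hit] = []
    for track, rx in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in rx.finditer(buf):
            pan = m["pan"].decode()
            expiry = f"{m['mm'].decode()}/{m['yy'].decode()}"
            hits.append(Hit(track, m.start(), mask_pan(pan), expiry, luhn_valid(pan)))
    hits.sort(key=lambda h: h.offset)
    return hits


def card_data_hits(buf: bytes) -> list[Hit]:
    """Only Luhn-valid records: what a scraper would exfiltrate, what a scanner should alert on."""
    return [h for h in scan_memory(buf) if h.luhn_ok]


# Constructed sample "process memory" (not a real dump): two records carrying the
# well-known 4111... test PAN, plus one decoy with the track-2 shape that fails Luhn.
SAMPLE_MEMORY = (
    b"\x00" * 64
    + b"POS terminal v2.1 idle\x00"
    + b"%B4111111111111111^DOE/JOHN^2512101000000000?"
    + b"\x00" * 32
    + b"log=ok;1234567890123456=2512101abc?"
    + b"\xff" * 16
    + b";4111111111111111=2512101000000000?"
    + b"\x00" * 64
)

if __name__ == "__main__":
    for h in scan_memory(SAMPLE_MEMORY):
        status = "ok" if h.luhn_ok else "FAIL"
        print(f"track{h.track} @0x{h.offset:x} {h.masked_pan} exp {h.expiry} luhn={status}")
```

Running the block prints three candidate records, of which only the two test-PAN records survive the Luhn filter; the decoy between them shows why a scraper (or a scanner) that relies on sentinels alone produces noise.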
“The hacker group – dubbed “Rocket Kitten” by security experts who have been hunting the hacker group since early 2014 – has mounted cyberattacks on high-profile political and military figures globally since that time, according to researchers from several cyber security firms who have monitored its activities.”
“The Army’s cyber branch is using pilot programs and training center rotations to show commanders at a variety of echelons what cyber capabilities can be brought to the table and, at the same time, refine how cyber will be a part of tactical operations both on the defensive and offensive side, cyber leaders said Tuesday at an Association of the US Army forum.”