GlobalSign Blog

Cybersecurity News Round-Up: Week of April 5, 2021

Maybe it was because I was hungry and waiting for some Chinese take-out to arrive, but when I read a CSO article earlier this week revealing that there is a ransomware gang that goes by the name "The Golden Chickens," I could not help but laugh (and yes, I became even more hungry, too). You have got to admit it – it’s a catchy name. It ALMOST sounds wholesome. But we all know that’s far from the truth.

I bring this up because the Golden Chickens ransomware gang is now targeting professionals with phony job offers based on their LinkedIn profiles. Researchers from managed detection and response firm eSentire found that in a recent Golden Chickens attack, the hackers targeted a healthcare technology professional with a phishing email. The lure was a job offer for a position identical to the one the target had listed on their own LinkedIn profile page. This approach is apparently this gang’s MO. According to eSentire’s research report, once the more_eggs backdoor is installed on the victim’s computer system, the Golden Egg’s “seedy customers” can go in and infect the system with any type of malware or use the backdoor with the intention of pulling data. That’s no yolk!

Okay, back to being serious.

  • Facebook was back on the proverbial hot seat this week with the revelation of a massive breach of more than 500 million users. The information of more than 533,000,000 Facebook users was shared, but thankfully it didn’t include passwords.
  • In the EU, a spokesperson for the European Commission announced that the organization, along with several other EU institutions, is the victim of a large cyber attack. Fortunately, so far there is no indication that any data has been leaked.
  • Top French electronics manufacturing services company Asteelflash is also now the victim of a ransomware attack courtesy of the REvil ransomware gang. Their asking price is $24 million.
  • A Russian hacker has sold a jaw-dropping 900,000 gift cards valued at $38 million after claiming they had a database of more than 3,000 brand-name gift cards. The database could actually be connected to an older breach from a now-defunct discount gift card shop, Cardpool. The cards included well-known brands such as Dunkin Donuts, Amazon, American Airlines, Target and Walmart.

That’s a wrap for this week. Wishing everyone a great weekend!


Top Global Industry News

IT Pro (April 7, 2021) European Commission hit by "significant" cyber attack

"The European Commission (EC) and other EU institutions have been hit by a cyber attack.

An EC spokesperson told IT Pro that an 'IT security incident' had affected a number of EU institutions, bodies, and agencies’ IT infrastructure.

Forensic analysis is still in its 'initial phase' and at this stage, it is too early to provide any 'conclusive information'.

'We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution,' said the spokesperson."


Bleeping Computer (April 6, 2021) Hacker sells $38M worth of gift cards from thousands of shops

"A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million.

The database contained cards from thousands of brands and may originate from an older breach at the now-defunct discount gift card shop Cardpool.

The seller did not disclose how they got the cache but claimed that it included 895,000 gift cards from 3,010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart."


CSO (April 6, 2021) Top cybercrime gang ‘The Golden Chickens’ use targeted fake job offers to deploy stealthy backdoor

"A group of criminals behind a stealthy backdoor known as more_eggs is targeting professionals with fake job offers tailored to them based on information from their LinkedIn profiles. The gang is selling access to systems infected with the backdoor to other sophisticated cybercrime groups including FIN6, Evilnum and Cobalt Group that are known to target organizations from various industries.

In a recent attack detected by researchers from managed detection and response firm eSentire, the hackers targeted a professional working in the healthcare technology industry with a phishing email mimicking a job offer for a position identical to the one the target had listed on their LinkedIn profile page. This seems to be a technique that this group, known in the security industry as the Golden Chickens, has also used in the past."


Slashgear (April 4, 2021) Facebook massive leak exposes 500 million users

"Facebook has been repeatedly accused not just of anticompetitive business practices but also of strategies that violate users’ privacy in order to make a profit. In that context, it’s almost ironic that the latest drama that the social networking giant will be dragged into isn’t something it actively or intentionally caused. Instead, the hundreds of millions of personal information that has just been leaked for free over the Internet may have been due to Facebook’s negligence but, as always, it will be those users who will be paying the ultimate price.

Over 533,000,000 Facebook users have had their information now exposed to the world, or at least to people with enough technical know-how to lift the pieces from the leaked database. Although it thankfully didn’t include passwords, which would have made it all too easy to hack into accounts directly, the dump did include Facebook IDs, phone numbers, full names, birth dates, and some email addresses. Taken together, these pieces of information could be used for phishing schemes or fraud to then get people’s credentials or even credit card information.

Business Insider says that a Facebook representative pointed to an old vulnerability as the source of this massive data leak. In 2019, that vulnerability allowed hackers to simply scrape phone numbers off Facebook’s servers without much effort. Facebook says it patched the vulnerability but it may have actually been too late to put the cat back in the bag."


Bleeping Computer (April 2, 2021) Asteelflash electronics maker hit by REvil ransomware

"Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom.

Asteelflash is a world-leading French electronics manufacturing services (EMS) company that specializes in the design, engineering, and printing of printed circuit boards.

While Asteelflash has not publicly disclosed an attack, BleepingComputer found this week a sample of the REvil ransomware that allowed access to the Tor negotiation page for their cyberattack."


Other Industry News

Sierra Wireless resumes production after ransomware attack – Bleeping Computer

European institutions were targeted in a cyber attack last week - Bloomberg

Thousands of ERTE Applications lost following March cyberattack in Spain – Euroweekly News

Ransomware cleanup costs Scottish Agency $1.1 Million – DataBreachToday

France’s data protection authority has questions about Apple’s privacy compliance – CPO Magazine

A new headache for ransomware-hit companies. Extortionists emailing your customers – Tripwire

Protecting The Connected Automobile From Modern-Day Cyberattacks –

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again – ZDNet
