
Norway Data Breach, PoetRAT, and Lemon Duck – KNOW Your Cloud Security Threats

Norway Parliament accuses Russian hackers; Public and private sector in Azerbaijan under attack

Post by Rajarshi Mitra In Security on Oct 15, 2020

KNOW is a news-aggregating platform that collates the hottest security stories from around the web and arranges them in different categories. Think of it as a Google News of cybersecurity, if you will. Today, let’s focus on the “Cloud Security” category.


So, as per KNOW, these are the three stories currently trending in this category.

  • Norway's parliament accuses Russian state-sponsored hackers of the August data breach.
  • PoetRAT used to attack public and private sectors in Azerbaijan.
  • Talos discovers Lemon Duck, a Monero-mining malware.

Norway parliament breach

The Norwegian parliament announced that Russian state-sponsored hackers were behind the August data breach. During the breach, the attackers stole data from several officials' email accounts. Norway's Foreign Minister Ine Eriksen Søreide said:

“This is a very serious incident, affecting our most important democratic institution. Based on the information the government has, it is our view that Russia is responsible for these activities.”

The Russian embassy in Oslo has hit back at these accusations by calling them “unacceptable” and “destructive for bilateral relations.”

Reactions on Twitter

@LuluLemew 

Norway’s parliament target of a “vast” cyberattack that allowed attackers to access & download emails & data of “a small number of MPs and employees” on 8/24

Based on “information in the possession of the government, we believe that Russia is behind this”

@DmytroKuleba 

Russia is to be held responsible for the cyberattack on Norwegian parliament. Ukraine is ready to enhance cooperation with Norway & other partners in countering cyber threats. Euro-Atlantic solidarity & mutual support are key to address challenges of hybrid warfare.

@BBCWorld 

Norway blames Russia for cyber-attack on parliament

Azerbaijan public and private sectors targeted by PoetRAT

Discovered by Cisco Talos, PoetRAT is a malware family distributed through URLs that mimicked Azerbaijani government domains. The developers behind the malware have continuously been adopting new techniques to attack more sophisticated targets.

PoetRAT references from KNOW


  • Total references: 368
  • References in the last 60 days: 131
  • References in the last 7 days: 39

PoetRAT context from KNOW

  • Related intrusion methods: phishing, spear phishing, data exfiltration, keylogger, credential stealing, and password stealer.
  • Most recent sandbox sighting: Hybrid Analysis result for ‘udemy checker.exe’
  • Related domains: 3
  • Hashes: 21
  • URLs: 
  • Industries targeted: SCADA & ICS companies and Energy & Natural Resources.

Lemon Duck and cryptocurrency mining

Cisco Talos has recently discovered a new malware called “Lemon Duck,” a mining payload that hijacks a victim’s compute resources to mine the Monero (XMR) cryptocurrency. Lemon Duck uses several techniques to spread across the network: sending infected RTF files by email, psexec, WMI, and SMB exploits (such as the infamous EternalBlue and SMBGhost).
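As an added, defender-side illustration (not code from the KNOW post or from Talos), here is a small Python detector that flags the two Lemon Duck spreading methods most visible in Windows event logs, psexec-style service installs and WMI-spawned processes. It assumes a simplified event record format, and the sample events are constructed, not real telemetry.

```python
"""Flag PsExec-style service installs and WMI-spawned processes in
constructed Windows event records. Added example with a simplified
event format; the sample events below are made up."""
from dataclasses import dataclass

# Well-known, non-page-specific indicators: Sysinternals PsExec installs
# a service named PSEXESVC on the target (System event 7045), and processes
# started through WMI (Win32_Process.Create) run as children of WmiPrvSE.exe.
PSEXEC_SERVICE = "PSEXESVC"
WMI_HOST = "WmiPrvSE.exe"


@dataclass
class Event:
    host: str
    event_id: int  # 7045 = service installed, 4688 = process created
    fields: dict


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    Event("ws01", 7045, {"ServiceName": "PSEXESVC",
                         "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}),
    Event("ws01", 4688, {"NewProcessName": r"C:\Windows\System32\cmd.exe",
                         "ParentProcessName": r"C:\Windows\System32\wbem\WmiPrvSE.exe"}),
    Event("ws02", 7045, {"ServiceName": "Spooler",
                         "ImagePath": r"%SystemRoot%\System32\spoolsv.exe"}),
    Event("ws02", 4688, {"NewProcessName": r"C:\Windows\System32\notepad.exe",
                         "ParentProcessName": r"C:\Windows\explorer.exe"}),
]


def detect_lateral_movement(events):
    """Return (host, rule, detail) tuples for events matching either pattern."""
    hits = []
    for ev in events:
        if ev.event_id == 7045 and ev.fields.get("ServiceName", "").upper() == PSEXEC_SERVICE:
            hits.append((ev.host, "psexec_service_install", ev.fields["ImagePath"]))
        elif ev.event_id == 4688:
            parent = ev.fields.get("ParentProcessName", "")
            if parent.lower().endswith("\\" + WMI_HOST.lower()):
                hits.append((ev.host, "wmi_spawned_process", ev.fields["NewProcessName"]))
    return hits


if __name__ == "__main__":
    for host, rule, detail in detect_lateral_movement(SAMPLE_EVENTS):
        print(f"{host}: {rule} -> {detail}")
```

Both rules will also fire on legitimate administrative use of PsExec and WMI, so in practice they are triage signals to correlate with the email and SMB activity described above rather than stand-alone alerts.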

Lemon Duck references from KNOW


  • Total references: 455
  • References in the last 60 days: 198
  • References in the last 7 days: 4

What is KNOW?

Netenrich’s Knowledge Now (KNOW) is a free AI-based threat intelligence news aggregator that provides broader and deeper context on emerging threats and attacks, all in one place. KNOW correlates global news around a specific threat by adding diverse perspectives from different publishers. If you want to KNOW more, then read this.

Netenrich’s powerful combination of threat and attack surface intelligence provides a unique new offering called “resolution intelligence.” Use this combo to optimize SecOps and IT to reduce alert fatigue and act on the most critical notifications first.

Do you want to know how this combo works? Then check this out. Meanwhile, why don’t you do your SOC team a solid and sign up for KNOW? It’s completely free, and it will be invaluable for your security team’s threat intel research.


About Author

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat, catching up on the latest Netflix docu-series... or watching Harry Potter for the 5781241516th time.