Find out the biggest cyber security stories from across the globe in our Cyber Weekly Digest. This week we dive into the latest on a possible second APT exploiting SolarWinds, the social media crackdown of trafficking hijacked accounts and Oxfam Australia's recent data breach.

‍

1. A 20-year-old was arrested in the U.K. for operating an online service known as "SMS Bandits." ‍

The U.K.'s National Crime Agency has arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service is marketed as "SMS Bandits", responsible for huge volumes of phishing lures including COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.‍

‍

2. A second APT, possibly backed by China, may have exploited a SolarWinds bug to install the Supernova backdoor.‍

This week the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw. Reuters reported that the APT's infrastructure used in the attack matches that known to be deployed by government-backed Chinese actors. SolarWinds confirmed that the new APT offensive was not a supply-chain attack; instead, the cyber attackers exploited a software vulnerability in Orion after it was installed in targets' networks, to establish the backdoor called Supernova.‍

‍

3. Babyk ransomware operation has launched a new data leak site with a list of targets they won't attack.

Babyk ransomware operation has launched a new data leak site with a list of targets they won't attack. Included in the list were hospitals, non-profit, schools and small businesses. However, the list included exclusions dictated by personal opinions such as targeting charities who help LGBT and BLM. It is not commonly seen that personal opinions can be a determining factor in ransomware operators choosing targets. With the release of Babyk's site, there are now a total of nineteen active ransomware data leak sites used in double extortion tactics.‍

‍

4. Social media platforms crackdown on users involved in trafficking hijacked users accounts. ‍

Facebook, Twitter, Instagram and TikTok all took action to seize hundreds of accounts the companies say have played a significant role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. Some of the accounts seized relate to a forum that sells social media access and other online accounts named OGUsers. One of the most active accounts targeted was the Instagram profile "Trusted", self-described as "top-tier professional middleman/escrow since 2014."‍

‍

5. Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database online.‍

A database was found on a hacker forum this week. A threat actor claims to be selling a database containing the Oxfam Australia contact and donor information for 1.7 million people. The database sample includes names, emails, addresses, phone numbers and donations. From the samples, it was confirmed that one of the records includes legitimate data. Oxfam Australia has launched an investigation into the data breach and reported the incident to the Australian Cyber Security Centre incident.