17 May 2021

Purpose
Educate recipients of cyber events to aid in protecting electronically stored DoD, corporate proprietary, and/or Personally Identifiable Information from unauthorized access, theft or espionage

Source
This publication incorporates open source news articles to educate readers on cyber security matters IAW USC Title 17, section 107, Para a. All articles are truncated to avoid the appearance of copyright infringement

Newsletter Team
* SA Sylvia Romero, Albuquerque FBI
* CI Agent Scott Daughtry, Purple Arrow Founder

Subscription/Questions
Click HERE to request that your employer-provided email address be added to this product’s distribution list

Purple Arrow Overview
The Purple Arrow Working Group formed in 2009 to address suspicious reporting originating from New Mexico (NM) cleared companies. Purple Arrow is a subset of the NM CI Working Group

Purple Arrow Members
Our membership includes representatives from these New Mexico-focused agencies: 902nd MI, AFOSI, DOE, DCSA, DTRA, FBI, HSI, NCIS and the US Attorney Office

Disclaimer
Viewpoints, company names, or products within this document are not necessarily the opinion of, or an endorsement by, the FBI or any member of the Purple Arrow Working Group or NM CI Working Group

Distribution
You may freely forward this product to U.S. person co-workers or other U.S. agency / U.S. company managed email accounts

Personal Email/Foreigners
The FBI will not send Purple Arrow products to a non-United States employer-provided email account (e.g. Hotmail, Gmail)

You may need to manually copy/paste/execute hyperlinks depicted below if your computer’s security settings disable embedded hyperlinks displayed within a PDF file

TWO REMOTE ACCESS TROJANS (RAT) TARGETING AEROSPACE SECTOR

Security researchers are tracking two RATs that are flooding the aerospace and travel industry sectors with spear phishing emails to deliver their malicious payload. The RATs’ goal is to infiltrate these sectors’ computer networks and then identify/exfiltrate sensitive data as COVID-weary citizens are increasingly making travel plans to decompress after 12+ months of self-quarantine. Criminals have always been savvy in predicting, and then profiteering off of, emerging trends, and are never to be underestimated.

Source: https://www.scmagazine.com/home/security-news/phishing/revengerat-and-aysncrat-target-aerospace-and-travel-sectors/?web_view=true

JAPANESE TECHNOLOGY COMPANY CONFIRMS RANSOMWARE ATTACK

Toshiba’s satellite company locations throughout Europe confirmed that a ransomware attack forced their IT staff to disconnect portions of their computer network that is linked to their primary Japanese hub. The attack’s Indicators of Compromise (IOC) mimicked those used by the Darkside ransomware group that impacted petroleum deliveries in the United States last week.

Source: https://www.cyberscoop.com/darkside-ransomware-toshiba-hack/

SMARTPHONE BATTERY LIFE ISSUES CONTINUE

One of the world’s most popular manufacturers of smartphone/tablet/computer devices is trying once again, via a scheduled software update, to stop their operating system from causing rapid battery drain. Their previous patch, which included a fix for battery drain, was found to shorten battery life even further, by 30 minutes compared with its predecessor. The software update will include patches for identified security vulnerabilities.

Source: https://www.zdnet.com/article/a-fix-is-coming-for-iphone-battery-and-performance-issues/

NORWEGIAN ‘GREEN ENERGY’ COMPANY HIT WITH RANSOMWARE

An energy company located in Oslo, Norway, which provides electricity to 44 European countries, was impacted by a ransomware attack by the Ryuk ransomware group. The company does not believe its data was exfiltrated by the hackers and is restoring its systems from cloud-based backup archives.

Source: https://www.securityweek.com/green-energy-company-volue-hit-ransomware?&web_view=true

UNCLASSIFIED

CHINESE COMPANY HUAWEI’S APP STORE CONTAINED MALWARE


A Russian antivirus vendor recently analyzed several smartphone applications posted on Chinese vendor Huawei’s Internet-based
app store and located ten apps, submitted by three vendors, which contained malware. The malicious code, when executed,
auto-subscribed smartphone owners to premium phone number services (that the malware authors profited from). The vendor stated
over 500,000 downloads of the malware-infected applications had occurred.

Source: https://therecord.media/android-malware-found-on-huaweis-official-app-store/?web_view=true

MASSIVE PHISHING OPERATOR HOOKED BY LAW ENFORCEMENT


Ukrainian law enforcement officers, in conjunction with U.S. and Australian federal agency assistance, took down one of the world’s
largest phishing operators that plagued victims around the world. A 39-year-old Ukrainian man was identified and arrested as the
kingpin behind the U-Admin phishing scheme that began in late 2018; the man created a phishing development ‘package’ that
permitted criminals to rapidly create, and then deploy, phishing emails with websites that mimicked legitimate vendors and stole
Personally Identifiable Information via fake logon screens.

Source: https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/?web_view=true

DOES SOCIAL MEDIA ACCOUNT USE = CYBER THREAT?


Research conducted by a London-based cybersecurity company tried to determine the answer to that question. Their
research found that: (a) photos that are uploaded/tagged by other social media accounts can leak sensitive
information that hackers seek; (b) hackers and criminal groups conduct reconnaissance of social media accounts to build spear
phishing targets and leverage information the victim posts on their social media page(s) to create convincing emails; and (c) several
North Korean threat actors, working on behalf of their government, created and leveraged fraudulent social media accounts to target
certain categories of employees via their social media accounts.

Source: https://cyware.com/news/analyzing-the-relationship-between-social-media-and-cyber-threats-47954e5b
