Cyber Threats 2020: A Year in Retrospect
2021-02-28 • PwC
https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
PwC’s 2020 retrospective notes North Korea-based Black Banshee, also known as Kimsuky, registering domains that impersonated healthcare and pharmaceutical organizations involved in COVID-19 vaccine and treatment research. The observed targeting covered entities in Europe and South Korea as well as the World Health Organization, aligning Kimsuky activity with pandemic-related intelligence collection. PwC also reported infrastructure overlaps between biopharmaceutical-themed domains and C2 servers for AppleSeed and FlowerPower, malware families it attributes uniquely to Black Banshee.
Indicators of Compromise