Trade Secrets Stolen from ThyssenKrupp

This week we hear about how Trade Secrets were Stolen from Industrial Giant ThyssenKrupp and how “Gooligan” Android Malware Hijacks Google Accounts.

Breach

Trade Secrets Stolen from Industrial Giant ThyssenKrupp

ThyssenKrupp, one of the world’s largest steel makers, was the victim of a cyber attack. Specific details about which documents were stolen were not identified or the scale of the intellectual property loss, but it was discovered that the cyber criminals stole project data from the plant engineering division. ThyssenKrupp did not provide details about how the attack happened, but investigations revealed that the attack was carried out by professional hackers from Southeast Asia.

References: ThyssenKrupp Secrets Stolen in 'Massive' Cyber Attack This Year | ThyssenKrupp Trade Secrets Stolen in 'Massive' Cyber Attack This Year | Cyberspies Stole Secrets From Industrial Giant ThyssenKrupp

Mitigation Strategies:

Breach

“Gooligan” Android Malware Hijacks Google Accounts

Over a million Google accounts have been hacked with Gooligan, a new malware that roots vulnerable Android devices to steal email addresses and authentication tokens stored on them. This information allows attackers to hijack your Google account and steal sensitive information from Google apps, such as Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

Traces of Gooligan code have been found in dozens of Android apps that seem legitimate on third-party app stores. Once the malware is downloaded and installed on the device, Gooligan starts sending your device’s stolen information to its Command and Control server. Android devices running an older version of the operating system, such as Android 4.x (Jelly Bean, KitKat) and 5.x (Lollipop) are most at risk. 

References:  Google accounts hit with malware -- a million and growingOver 1 Million Google Accounts Hacked by 'Gooligan' Android Malware | How to keep Gooligan virus off your Android phone

Mitigation Strategies:

  • Anti-virus applications for your Android device
  • Ensure the latest patch is applied to the operating system

This Week's Malicious IP Addresses

81.183.56.217 46.109.168.179
188.118.2.26 118.170.130.207
183.60.48.25 208.100.26.228

*IP addresses provided by Recorded Future.