It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk is gaining speed, executives are exposed to threats from unexpected directions and involving new weak points.

In the past few months, Cyberint has observed a series of suspicious PDF files mentioning different retail brands, scanned to an anti-virus repository. Seeing as the files were flagged as malicious by the repository, Cyberint’s working assumption is that the retailers were mentioned in order to lure their employees or customers into opening the files.

On January 28, 2021 the dark web community was informed that “ValidCC”, one of the leading marketplaces for compromised payment card details, was unexpectedly closing its services for good. This happened less than a month after “Joker’s Stash”, another popular dark web payment card marketplace, announced its retirement.

Believed active since 2004, if not much earlier, Turla is a high sophistication Russian-nexus threat group with espionage and intelligence gathering motivations targeting organizations worldwide. We have wrote about them in the past here. Known by many security vendor assigned names over the years including Turla Team, Uroburos and Venomous Bear, this bulletin provides an overview of Turla-attributed threats as observed over the past six months.