Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 5, 2022

The notorious FIN7 group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. These include a new POWERPLANT backdoor and two new versions of the BIRDWATCH downloader, tracked as CROWVIEW and FOWLGAZE. Researchers claim that these malware families are being used by threat actors to gain initial access and deliver more payloads.

Meanwhile, a new sophisticated malware campaign delivering a blizzard of RATs is going global as threat actors unleash a variety of RATs along with new tactics. The attackers are leveraging a new version of 3LOSH crypter to deliver AsyncRAT and LimeRAT, among others. There’s also an update about the LockBit ransomware campaign that involves the use of SocGholish in the initial stage and BLISTER as a second-stage loader.

Top Breaches Reported in the Last 24 Hours

The Works affected

UK high street retailer, The Works, has shut down its stores following a cybersecurity incident. It occurred after attackers gained unauthorized access to its systems. The firm disclosed that the attack has disrupted a limited number of trading and business operations.

Inverse Finance targeted

More than $15 million was stolen after hackers exploited the DeFi platform Inverse Finance. According to the company, the hackers manipulated its money market, Anchor, and increased the price of INV via Sushiswap. This enabled the attackers to borrow $15.6 million in the DOLA, ETH, WBTC, and YFI cryptocurrencies.

Nordex affected by a cyberattack

Wind turbine giant Nordex was forced to shut down its IT systems after discovering a cyberattack. The incident affected multiple systems in the firm. As a part of the precautionary measure, the company took immediate actions to prevent further propagation of the attack.

Top Malware Reported in the Last 24 Hours

AsyncRAT malware campaign

An ongoing malware attack campaign is using ISO disk images to deliver AsyncRAT, LimeRAT, and other commodity malware to victims. The threat actors behind the campaign have been using a new version of 3LOSH crypter to generate obfuscated code to hide the RAT payloads and facilitate the infection process.

Malware loader campaign discovered

A new campaign that delivers SocGholish in the initial stage, with BLISTER as a second-stage loader, has been uncovered by researchers. It is believed that both the loaders are being used to evade detection to execute final payloads, specifically LockBit in this case.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco issues a patch

A security researcher managed to exploit vulnerabilities in an obsolete Java library to launch remote code execution attacks on Cisco Nexus Dashboard Fabric Controller. Following this discovery, Cisco issued patches last month. One of these flaws was related to a Java deserialization flaw in an old library.

Yokogawa patches multiple flaws

Japanese automation giant Yokogawa has recently patched a series of vulnerabilities affecting its control system products. The flaws can be exploited to execute arbitrary commands, suppress alarms, delete files, escalate privileges, and disrupt physical processes. They are related to hardcoded credentials, path traversal, command injection, DLL hijacking, inappropriate access privileges, and uncontrolled resource consumption.

VMware patches Spring4Shell flaw

VMware has issued security updates for the critical Spring4Shell flaw, which impacts several of its cloud computing and virtualization products. Tracked as CVE-2022-22965, the flaw has a CVSS score of 9.8. Meanwhile, CISA has added the Spring4Shell flaw to its ‘Known Exploited Vulnerabilities’ Catalog as reports of active exploitation of the flaw come to light.

Top Scams Reported in the Last 24 Hours

New WhatsApp phishing campaign

A new WhatsApp phishing campaign impersonating WhatsApp’s voice message feature is being used to spread information-stealing malware. So far, the campaign has affected around 28,000 email addresses. As a part of the campaign, the recipients are led to a series of steps that ultimately cause the installation of the malware that is capable of pilfering credentials.

New Threat in Spotlight

FIN7 updates its arsenal

The FIN7 APT group has evolved its malware and attack tactics. These include a new POWERPLANT backdoor and two new versions of the BIRDWATCH downloader, tracked as CROWVIEW and FOWLGAZE. Researchers claim that these malware families are being used by threat actors to gain initial access and deliver more payloads.