Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 6, 2021
The BlackMatter ransomware, which is believed to be a rebrand of DarkSide, has joined the list of ransomware operations targeting VMware ESXi servers. This new Linux variant comes with improved anti-analysis techniques that give the threat actors a wider scope of attack.
Reports of cybercriminals launching new attacks have also come to light in the last 24 hours. While the Iran-based Charming Kitten threat actor group is targeting Israeli reformists using a new Android malware named LittleLooter, a Chinese threat actor group has been held responsible for a widespread attack against Southeast Asian companies using the living-off-the-land technique.
Top Breaches Reported in the Last 24 Hours
OrangeTee suffers a breach
OrangeTee real estate group has suffered a data security breach after attackers gained unauthorized access to its IT network. The firm is working closely with cybersecurity experts to ascertain the nature and the extent of the breach.
Cyberattacks against Alaska entities
A highly sophisticated group has been held responsible for the cyberattacks against the government and other entities in Alaska. The attack was launched by exploiting a vulnerable website.
Charming Kitten expands its arsenal
The Iran-linked hacking group known as Charming Kitten has added a new Android backdoor to its arsenal. Dubbed LittleLooter, the backdoor is capable of stealing information such as GPS data, browser history, contact information, and live screen recordings.
StarHub suffers a breach
StarHub says the personal data of its customers has been dumped on a third-party site. The exposed data includes the mobile numbers and email addresses of 57,191 customers.
Critical infrastructure targeted
Four critical infrastructure organizations in a Southeast Asian country were targeted in an espionage campaign that lasted several months. The attacks took place between November 2020 and March 2021 and were carried out using the living-off-the-land technique. Among the other tools used were Windows Management Instrumentation (WMI), ProcDump, PsExec, and Mimikatz.
Top Malware Reported in the Last 24 Hours
New Golang-based worm discovered
Researchers have uncovered a new Golang-based worm that drops cryptominer binaries by exploiting two known vulnerabilities (CVE-2020-14882 and CVE-2017-11610) in server software running on victim machines. Upon gaining access, the worm disables the hardware prefetcher by writing to a model-specific register (MSR) in order to boost mining performance.
BlackMatter ransomware evolves
BlackMatter ransomware now has a Linux version built to evade security tools. The new malware variant targets VMware's ESXi virtual machine platform.
Top Vulnerabilities Reported in the Last 24 Hours
A new set of DNS vulnerabilities
A new class of DNS vulnerabilities affecting DNSaaS providers can allow attackers to access sensitive information from corporate networks. These flaws could be exploited by nation-state threat actors to spy on companies. While Google and Amazon have fixed the flaws, other providers remain vulnerable, exposing millions of devices to attack.
VMware issues patches
VMware has released security updates to address critical vulnerabilities affecting multiple products. Tracked as CVE-2021-22002 and CVE-2021-22003, the flaws affect VMware Workspace One Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Top Scams Reported in the Last 24 Hours
Phishing text scam
The FTC has warned about a phishing scam that purports to be from the U.S. workforce agency. The scam targets users who have yet to receive unemployment insurance (UI) benefits. It is carried out via SMS messages in which scammers ask recipients to activate their UI benefits accounts by clicking on a phishing link. The ultimate goal is to steal users' personal information.