Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 8, 2023
A sophisticated campaign intertwining the TargetCompany ransomware and Remcos RAT has surfaced. Both exhibit enhanced evasive maneuvers to breach systems and ensure persistence. The seamless chaining of the campaign's components points to an alarming trend toward multi-layered attacks. It’s ‘Patch Tuesday’ and we have updates from SAP, Siemens, and Schneider Electric. Siemens has issued advisories addressing over 30 security issues, whereas Schneider Electric has released just one advisory notifying customers about a solitary flaw.
Separately, Cisco Talos has moderately attributed a new global ransomware operation to a likely Vietnamese-origin adversary. The ransomware strain, Yashma, can be traced back to Chaos ransomware and features a ransom note reminiscent of WannaCry.
Missile manufacturer targeted
An investigation is ongoing within the Russian defense industrial base after North Korean perpetrators targeted missile engineering giant NPO Mashinostroyeniya. Two distinct instances of compromise have emerged: an email server intrusion (attributed to the ScarCruft threat actor) and a Windows backdoor dubbed OpenCarrot (attributed to the Lazarus Group) infiltrating the internal network.
Medical center hit by ransomware attack
Mayanei Hayeshua Medical Center in Bnei Brak, Israel, experienced a ransomware attack that disrupted administrative computer systems. It temporarily shut down outpatient clinics and imaging centers, though the hospital continues to provide care. While the perpetrators remain unknown, this incident underscores the persistent cyber threats faced by Israeli institutions, particularly in the health sector.
Cyberattack disrupts health services
Regional Health Service of the Autonomous Region of Madeira (SESARAM) suffered internal disruptions owing to a cyber incident. The incident's severity has led to the suspension of non-urgent clinical activities, affecting consultations, surgeries, and diagnostic procedures. SESARAM urges individuals to visit the Emergency Service only in cases of clear necessity, and the Regional Health Service will provide updates as the situation unfolds.
Yashma variant targets multinational organizations
A newly identified strain of Yashma ransomware has raised concerns as it was found targeting organizations across Bulgaria, China, Vietnam, and English-speaking countries since June 4. The Yashma ransomware, a rebranding of the Chaos strain, fetches ransom notes from a controlled GitHub repository through an embedded batch file. The ransom note's eerie resemblance to WannaCry adds to the intrigue, suggesting an effort to cloud attribution.
Stealthy Ransomware and RAT assault
Trend Micro has uncovered a ransomware onslaught orchestrated by TargetCompany ransomware actors, also known as Mallox or Xollam. Employing the elusive BatCloak obfuscator engine, this campaign infiltrates vulnerable systems with Remcos RAT, establishing a foothold on targeted networks. Subsequently, the Remcos RAT masterminds the deployment of TargetCompany ransomware, further concealed within a fully undetectable (FUD) packer.
SAP’s August patch day
SAP has unveiled a series of critical security notes addressing vulnerabilities affecting SAP Message Server, SAP NetWeaver AS ABAP and ABAP Platform, and SAP Host Agent. While a HotNews Note highlighted an OS command injection vulnerability in IS-OIL, another new HotNews Note was dedicated to SAP PowerDesigner, addressing two vulnerabilities affecting client connections to a shared model repository via proxy. SAP PowerDesigner clients must be updated simultaneously to prevent potential issues.
Critical bugs in industrial products
Siemens and Schneider Electric have taken substantial steps to rectify critical vulnerabilities in their industrial products. Siemens published advisories outlining serious weaknesses in Ruggedcom products, including a Crossbow server application with multiple critical and high-severity vulnerabilities. A critical mirror port isolation flaw in Ruggedcom ROS devices was also addressed. Meanwhile, Siemens identified high-severity vulnerabilities across multiple products, emphasizing the potential exploitation via specially crafted files.