Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 23, 2020
Researchers have deciphered a lesser-known attack technique that was part of the recently disclosed SolarWinds supply chain attack. Dubbed Golden SAML, the technique gives threat actors a way to maintain persistent access to all of an enterprise’s ADFS federated services.
Two cyberespionage campaigns associated with the notorious Lazarus threat actor gang have also been tracked by researchers. These attacks involved the use of wAgent malware.
In a major update, the recently discovered Pay2Key ransomware has been found to be the work of the Iranian-linked Fox Kitten hacking group.
Top Breaches Reported in the Last 24 Hours
iSofH affected
Vietnamese tech firm Innovative Solution for Healthcare (iSofH) has leaked 12 million records due to a misconfigured Elasticsearch database. The records, struck by the infamous Meow attacker, include information such as full names, dates of birth, email addresses, and passport details of roughly 80,000 patients and healthcare staff.
Lazarus’s attack campaign
Researchers have uncovered two attack campaigns linked to the notorious Lazarus group. The first one is an attack against a government health ministry on October 27, which resulted in the compromise of two Windows servers. The second one involves a pharmaceutical company that was breached on September 25. The malware used in these attacks was wAgent.
TennCare members hit
TennCare has announced a security breach impacting certain TennCare members. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of the issue.
Top Malware Reported in the Last 24 Hours
New updates on Pay2Key ransomware
Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware that was recently used against organizations in Israel and Brazil. The hacking group has been active since at least 2017 and is known for orchestrating and taking part in cyber espionage and data theft campaigns. The group was responsible for selling access to compromised corporate networks on underground forums.
Golden SAML attack vector
The recently disclosed SolarWinds campaign has drawn the attention of researchers to a dangerous Active Directory Federation Services (ADFS) bypass technique. Dubbed Golden SAML, the technique gives threat actors a way to maintain persistent access to all of an enterprise’s ADFS federated services.
Top Scams Reported in the Last 24 Hours
COVID-19 vaccine fraud scheme
The FBI is warning of ongoing COVID-19 vaccine phishing schemes that aim to steal personal information from users. Potential indicators of such fraudulent activity include offers for early access to vaccines conditional on payment in advance, requests to pay to receive a vaccine or to be added to a waiting list, and offers to ship doses of the vaccine in exchange for money transfers.
Facebook message scam
An ongoing Facebook message scam is luring users into parting with their funds. The message appears to come from a person known to the user and asks for financial help.