Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 7, 2022
Happy Monday and welcome back to a fresh scoop of your daily threat intel briefing. The infamous Roaming Mantis SMS phishing campaign has added a new set of victims as it enters the fourth year of its attack campaign. According to researchers, the attackers have made some changes in the Android trojan Wroba to target Android and iPhone users in Germany and France. This latest telemetry observed by researchers is something to worry about as attackers set their sights on Europe.
A case of ransomware rebranding has also grabbed the spotlight in the cyberthreat landscape. It is now confirmed that the relatively new BlackCat ransomware is the brand new version of the BlackMatter/DarkSide ransomware. In separate news, the FBI has issued a flash alert to help organizations better understand the modus operandi of LockBit ransomware, along with the required mitigation measures.
Top Breaches Reported in the Last 24 Hours
Washington State Database compromised
A security breach at the Washington State Department of Licensing has affected the personal information of millions of licensed professionals. The incident occurred in January and has likely impacted 40 different categories of businesses and professionals. The compromised data include Social Security Numbers, birth dates, and driver’s licenses.
Swissport affected by ransomware
A ransomware attack on Swissport led to the disruption of its operations. The attack was discovered on February 3, following which the firm took constructive actions to contain the impact. A full system clean-up and recovery is now underway.
Roaming Mantis reaches Europe
Researchers have detected some new activity in the Roaming Mantis attack campaign that has been active since 2018. The attackers have made changes in the Android trojan Wroba to target Android and iPhone users in Germany and France. Designed to steal credentials and distribute malware, the campaign is executed via malicious apps and phishing pages.
$4.4 million stolen
The blockchain infrastructures of the Meter and Moonriver networks were hacked, allowing attackers to steal $4.4 million in ETH and BTC. The attackers exploited a feature that automatically wrapped and unwrapped gas tokens to pilfer the funds.
Top Malware Reported in the Last 24 Hours
FBI releases details about LockBit operation
The FBI has issued a flash alert containing technical information associated with the LockBit ransomware operation. The ransomware gang, which has been very active since September 2019, released the LockBit 2.0 RaaS in June 2021. The list of victims of the ransomware includes Riviana, Bangkok Airways, Viastuin Group, Peabody Properties, Buffington law firm, and the Ministry of Justice of France, among others.
BlackCat is the new DarkSide ransomware
The BlackCat ransomware gang has confirmed that they are former members of the notorious BlackMatter/DarkSide ransomware operation. Discovered in November 2021, the ransomware is written in the Rust language. It uses different encryption methods to encrypt files across a wide range of corporate environments.