Cyware Daily Threat Intelligence
Daily Threat Briefing • Feb 15, 2023
Owing to their notoriety and impact, North Korean hackers are one of the most talked-about threats. For instance, a North Korean cyberespionage group has surfaced with a phishing campaign that drops a new backdoor strain dubbed M2RAT, which, according to the findings, leaves minimal traces of its activity on an infected system. Another malware making headlines is Beep, a loader that helps other threat actors infect victims with their own payloads. It is being delivered via spam email attachments and Discord or OneDrive URLs.
Furthermore, researchers have described a template injection technique, combined with common misconfigurations, that could be used to take full control of an organization's network by abusing the open-source SaltStack IT configuration and orchestration platform.
Tonga Communications Corporation breached
Tonga’s state-owned Tonga Communications Corporation was hit by a ransomware attack. According to officials, the incident may slow down the connection of new customers, the delivery of bills, and the handling of customer inquiries. The company assured customers that the attack had no impact on voice and internet service delivery.
Sensitive records accessed at Louisiana HBCU
Social Security Numbers (SSNs) and other personal information of nearly 44,000 students and vendors associated with the only Catholic historically Black college or university (HBCU) were exposed in a cyberattack. Xavier University’s official breach filing states that an unauthorized party illegally gained access to students’ full names and SSNs. Affected individuals have been notified.
GoAnywhere MFT bug hits CHS
Community Health Systems is one of the victims of a series of attacks exploiting a zero-day in Fortra’s GoAnywhere MFT secure file transfer platform. The breach affected the personal information and protected health information (PHI) of up to one million patients. Days earlier, the Clop ransomware group claimed to have breached 130 organizations by abusing the same zero-day flaw.
M2RAT for intel gathering
North Korean APT37 was spotted using the highly evasive M2RAT malware, together with steganography, to target individuals for intelligence collection. The initial lure exploits an old EPS bug, tracked as CVE-2017-8291, in the Hangul word processor (commonly used in South Korea). Once running, the malware uses a shared memory section to receive commands and to stage data for exfiltration from infected machines, which reduces the traces left on disk.
Add payloads with Beep
Minerva Labs discovered a brand-new piece of stealthy malware known as Beep. Its authors appear to have packed in as many anti-debugging and anti-VM (anti-sandbox) checks as they could find. Beep is built to evade detection and to retrieve and launch additional payloads on a compromised system, injecting them into legitimate processes via process hollowing.
Vidar and Lokibot become top threats
Check Point’s Global Threat Index report for January 2023 lists AgentTesla, the Lokibot info-stealer, and the Vidar info-stealer among its top ten Most Wanted Malware. Qbot continues to hold the top position. Lokibot and Vidar were not in the top ten in the previous report. Vidar was observed propagating via fake domains purporting to belong to the remote desktop software firm AnyDesk.
Security issues in SaltStack
The research team at Skylight Cyber uncovered three simple misconfigurations and a "bonus" template injection method in VMware-owned SaltStack. The issues could enable a remote attacker to run arbitrary code, establish persistence, and take control of a management network. Because the Salt master pushes configuration to every connected minion, an attacker who compromises it can deploy malware with worm-like reach to the other systems managed from the initially compromised host.
Adobe patches half-a-dozen bugs
Adobe rolled out patches for at least half a dozen vulnerabilities in three of the company’s most popular products: Illustrator, Photoshop, and After Effects. Exploitation of the Illustrator flaw may lead to arbitrary code execution. The Photoshop flaw, which affects both Windows and macOS, could lead to a memory leak.
Three zero-days fixed by Microsoft
Microsoft patched three actively exploited zero-days in its Patch Tuesday update, which addressed 75 vulnerabilities in total. The first, CVE-2023-21715, allows an attacker to bypass a Microsoft Publisher security feature. The second, CVE-2023-23376, lets an attacker escalate to SYSTEM privileges. The third, CVE-2023-21823, could lead to remote code execution and a complete takeover of a vulnerable system.