Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 21, 2023
The ransomware landscape continues to thrive as a threat actor launched HardBit 2.0. The ransomware group asks victim firms for their cyber insurance details so that the two sides can set a ransom price that hurts no one. Speaking of malware threats, a cybercriminal group was observed launching a spear-phishing campaign using an updated version of the backdoor known as ReverseRAT. The cybercrime group first used ReverseRAT in its campaign in 2021 against the government and power utility sectors of Afghanistan and India.
In other top headlines, Apple shared a new iOS 16.3.1 update that quietly addressed a high-severity vulnerability tracked as CVE-2023-23530, along with other security holes. The bug enabled arbitrary code execution with certain elevated privileges.
Ransomware targets healthcare facility
Patient data at the Pennsylvania-based Lehigh Valley Health Network (LVHN) was compromised in the wake of a ransomware attack by the BlackCat group. The impacted data include patient images for radiation oncology treatment. Officials said the attack has not disrupted operations. BlackCat had reportedly demanded a ransom; however, LVHN declined the request.
Tusla, also an HSE cyberattack victim
The Irish Child and Family Agency Tusla is informing around 20,000 individuals about a breach during the 2021 cyberattack on the HSE, the country’s public healthcare system. Cybercriminals were able to steal sensitive data belonging to both staff and individuals. Tusla CEO Kate Duggan noted that it had secured an order to “restrain any sharing or processing or publishing of any of the data stolen.”
Irish media broadcaster under attack
A cyberattack on Virgin Media Television, an Irish broadcaster, has impacted its operations. Though the nature of the attack wasn’t specified by officials, they clarified it’s not a ransomware attack. Other operations of the company including the Virgin Mobile wireless carrier and home broadband experienced no interruptions owing to the attack.
ReverseRAT by SideCopy
Hackers are distributing an upgraded version of the ReverseRAT backdoor, revealed cybersecurity firm ThreatMon. The RAT is being deployed on Indian government sites through spear-phishing campaigns, which contain a fake advisory from India’s Ministry of Communications. The activity has been attributed to SideCopy, a threat group of Pakistani origin with overlaps with Transparent Tribe.
HardBit 2.0 is here
A report from Varonis shared findings about the second version of HardBit, a ransomware that extorts organizations. Its first version was observed in October 2022. This time, actors were spotted negotiating with certain victims according to the terms of their cyber insurance. Victims are given 48 hours to get in touch with the hackers, who use a peer-to-peer chat program that is open-source and encrypted.
Apple fixes privilege escalation flaw
Apple recently released iOS 16.3.1 to all users. The new release fixed issues related to iCloud and Siri requests for the Find My app. Researchers from Trellix’s Advanced Research Center shared details about a privilege escalation bug that could let an attacker bypass Apple's security measures and execute arbitrary code on macOS and iOS.