Cyware Daily Threat Intelligence
Daily Threat Briefing • Feb 24, 2023
Researchers are drawing attention to a highly evasive campaign built around the PureCrypter downloader. The campaign delivers a range of malware, including AgentTesla, Eternity, RedLine Stealer, Blackmoon, and Philadelphia ransomware. Meanwhile, a new remote access tool named Atharvan has surfaced in attacks against materials research companies; Symantec has not been able to attribute the activity to a known group or determine on whose behalf the attackers operate.
What else? Security analysts warned organizations using Zoho ManageEngine products to patch a critical bug tracked as CVE-2022-47966. Attacks are ongoing in Australia, Canada, Italy, Nigeria, Mexico, the Netherlands, the U.K., Ukraine, and the U.S.
Third-party breach affects The Good Guys
My Rewards, a third-party supplier to Australian electrical and home appliance retailer The Good Guys, suffered a data breach that exposed PII belonging to the retailer's customers. The exposed data include names, email addresses, and phone numbers. The Good Guys said its own IT systems were not affected by the attack.
Mental health records leaked
The Los Angeles school district confirmed that highly sensitive mental health records of approximately 2,000 students have been posted on the dark web. The records stem from the ransomware attack the district suffered last year, an investigation by The 74 revealed. Besides PII, the leak included students' detailed medical histories, academic performance, and disciplinary records.
Canada's second-largest telecom investigating breach
TELUS, Canada's second-largest telecom, is investigating a data exposure incident after a cybercriminal posted samples of stolen employee data online. The data shared by the attacker allegedly includes private source code repositories and payroll records. As the investigation continues, TELUS has so far found no evidence that corporate or retail customer data was affected.
Using PureCrypter against Government
Security researchers at Menlo Labs uncovered an attack campaign that uses the PureCrypter downloader to target government entities. The evasive campaign is distributed via Discord by an unidentified threat actor and uses the domain of a compromised non-profit organization as a C2 channel to deliver its secondary payload.
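The delivery detail above (the loader is served through Discord) is the part a defender can act on. What follows is an added example, not code from Cyware, Menlo Labs or the original page: a small Python triage script that scans web-proxy logs for completed downloads of executable or archive files from Discord's attachment CDN. The log format, the hostnames cdn.discordapp.com and media.discordapp.net, the attachment path layout and the sample log lines are all assumptions constructed for the example.

```python
"""Triage web-proxy logs for payloads fetched from the Discord CDN.

Added example, not code from Cyware or Menlo Labs. It assumes the loader is
delivered as a file hosted on Discord's attachment CDN (a common abuse
pattern); the log format, hostnames and path layout are assumptions and the
sample log lines are constructed.
"""
import re
from urllib.parse import urlparse

# Assumed CDN hostnames that serve Discord attachments.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumed attachment path layout: /attachments/<channel_id>/<file_id>/<name>
ATTACHMENT_PATH = re.compile(r"^/attachments/\d+/\d+/[^/]+$")
# Extensions a loader or its wrapper archive typically carries.
RISKY_EXTENSIONS = (".exe", ".dll", ".scr", ".js", ".vbs", ".bat", ".ps1",
                    ".lnk", ".zip", ".rar", ".7z", ".iso", ".img")

# Assumed log format: "<timestamp> <client_ip> <method> <url> <status> <bytes>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)

# Constructed sample log: two risky fetches from one client, one benign image,
# one ordinary site visit, and one failed (404) fetch that must be ignored.
SAMPLE_LOG = """\
2023-02-23T09:12:01Z 10.1.4.22 GET https://cdn.discordapp.com/attachments/1098765432109876543/1098765432109876544/Invoice_Feb.zip 200 538112
2023-02-23T09:12:07Z 10.1.4.22 GET https://www.example.org/index.html 200 20481
2023-02-23T09:13:40Z 10.1.7.9 GET https://media.discordapp.net/attachments/1098765432109876543/1098765432109876550/photo.png 200 90211
2023-02-23T09:15:02Z 10.1.4.22 GET https://cdn.discordapp.com/attachments/1098765432109876543/1098765432109876561/update.exe 200 1204224
2023-02-23T09:16:11Z 10.1.9.3 GET https://cdn.discordapp.com/attachments/1098765432109876543/1098765432109876570/readme.txt 404 0
"""


def classify_url(url):
    """Return 'discord_cdn_payload', 'discord_cdn', or None for a URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in DISCORD_CDN_HOSTS:
        return None
    if not ATTACHMENT_PATH.match(parsed.path):
        return "discord_cdn"
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    if filename.endswith(RISKY_EXTENSIONS):
        return "discord_cdn_payload"
    return "discord_cdn"


def find_suspicious_downloads(log_text):
    """Return (client, url) pairs for completed fetches of risky files from the Discord CDN."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; a production pipeline would count these
        if m.group("status") != "200":
            continue  # only completed transfers can deliver a payload
        if classify_url(m.group("url")) == "discord_cdn_payload":
            hits.append((m.group("client"), m.group("url")))
    return hits


def clients_by_download_count(hits):
    """Aggregate hits per client so repeat downloaders float to the top."""
    counts = {}
    for client, _ in hits:
        counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for client, url in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{client} fetched {url}")
```

A hit is a lead, not proof of compromise; legitimate Discord users also download archives. The natural follow-up is to detonate the flagged file in a sandbox and to check the same client for subsequent traffic to domains it has never contacted before, since in this campaign the C2 sat on the domain of a compromised non-profit rather than on anything obviously malicious.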
Atharvan RAT by Clasiopa
A hacker group, dubbed Clasiopa by analysts at Broadcom-owned Symantec, is reportedly attacking organizations in the materials research sector. The group uses a distinctive toolset, including the custom Atharvan backdoor, alongside modified versions of the publicly available Lilith RAT and the Thumbsender hacking tool.
Need to fix Zoho vulnerability, warn experts
Several cybercrime groups are still attempting to exploit a now-patched critical flaw in Zoho ManageEngine products. The flaw, CVE-2022-47966, is a pre-authentication RCE bug caused by an outdated Apache Santuario (XML Security for Java) library; it can be exploited to take full control of a vulnerable system when SAML-based single sign-on is, or was at some point, enabled. Note that the flaw affects as many as 24 Zoho products, including Access Manager Plus, ADManager Plus, Remote Access Plus, ADSelfService Plus, Password Manager Pro, and Remote Monitoring and Management (RMM).
RCE issue in Chrome browser
Google addressed an RCE vulnerability in its Chrome browser. The use-after-free flaw affects the Chrome component known as Prompts. An attacker could exploit it to run malicious code on a victim's system simply by luring them to a crafted web page. The same round of updates patched six high-severity bugs, one of which was reported about a year ago.