
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 4, 2021

The scope of the SolarWinds supply chain attack continues to blow security experts’ minds as new details emerge. In a new update, Microsoft has confirmed that the hackers behind the attack used a compromised account to view source code in its internal repositories. Discovered in early December 2020, the attack affected several U.S. government departments and private organizations.

This doesn’t end here. In another investigation, it has been found that the China-based APT27 threat actor group has turned to ransomware to wreak havoc on at least five companies in the online gambling sector. The BitLocker tool, the Clambling backdoor, and the PlugX RAT were also used as part of the attack campaign.

Top Breaches Reported in the Last 24 Hours

Over 200 million records on sale

Over 200 million records related to Chinese citizens have been put on sale on a Russian dark web forum. The exposed data includes ID, gender, name, birth date, mobile number, address, and code numbers of citizens. Researchers claim that the data might have been stolen from multiple popular Chinese services, including Gongan, County, Weibo, and QQ.

Windows Core Polaris code leaked

Microsoft’s unreleased Windows Core Polaris OS was reportedly leaked online. However, the good news is that the leak consisted of a very early build from 2018 and contained no shell or apps.

New update on SolarWinds

Microsoft has issued an update in which it confirmed that it traced a compromised account that had been used to “view source code” in its internal repositories. However, it stated that viewing source code is not tied to an elevation of risk.

Top Malware Reported in the Last 24 Hours

APT27 turns to ransomware

In an extended investigation, security researchers have found that the China-based APT27 threat actor group is behind ransomware attacks that targeted at least five companies in the online gambling sector. For this, the attackers relied on the BitLocker encryption tool and the Clambling backdoor, a malware sample similar to the one used in the DRBControl campaign. Other malware found in the attack campaign includes the PlugX RAT.

Top Scams Reported in the Last 24 Hours

PayPal phishing scam

An ongoing smishing campaign is targeting PayPal users in an attempt to steal their account credentials and other sensitive information. The message warns the recipients that their accounts have been permanently limited and that they need to verify the account by clicking on a link. This, in turn, takes the victims to a phishing page that prompts them to provide their credentials. The phishing page goes a step further and asks for details such as name, date of birth, address, and bank details, among others.
